diff --git a/balancers/balancers.go b/balancers/balancers.go
index 2fe525a53..7c1723df9 100644
--- a/balancers/balancers.go
+++ b/balancers/balancers.go
@@ -1,158 +1,87 @@
package balancers
import (
- "sort"
- "strings"
-
balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/xstring"
)
// Deprecated: RoundRobin is an alias to RandomChoice now
// Will be removed after Oct 2024.
// Read about versioning policy: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#deprecated
func RoundRobin() *balancerConfig.Config {
- return &balancerConfig.Config{}
+ return balancerConfig.New()
}
func RandomChoice() *balancerConfig.Config {
- return &balancerConfig.Config{}
+ return balancerConfig.New()
}
func SingleConn() *balancerConfig.Config {
- return &balancerConfig.Config{
- SingleConn: true,
- }
-}
-
-type filterLocalDC struct{}
-
-func (filterLocalDC) Allow(info balancerConfig.Info, c conn.Conn) bool {
- return c.Endpoint().Location() == info.SelfLocation
-}
-
-func (filterLocalDC) String() string {
- return "LocalDC"
+ return balancerConfig.New(balancerConfig.UseSingleConn())
}
// PreferLocalDC creates balancer which use endpoints only in location such as initial endpoint location
// Balancer "balancer" defines balancing algorithm between endpoints selected with filter by location
// PreferLocalDC balancer try to autodetect local DC from client side.
func PreferLocalDC(balancer *balancerConfig.Config) *balancerConfig.Config {
- balancer.Filter = filterLocalDC{}
- balancer.DetectLocalDC = true
-
- return balancer
+ return balancer.With(
+ balancerConfig.FilterLocalDC(),
+ balancerConfig.DetectLocalDC(),
+ )
}
// PreferLocalDCWithFallBack creates balancer which use endpoints only in location such as initial endpoint location
// Balancer "balancer" defines balancing algorithm between endpoints selected with filter by location
// If filter returned zero endpoints from all discovery endpoints list - used all endpoint instead
func PreferLocalDCWithFallBack(balancer *balancerConfig.Config) *balancerConfig.Config {
- balancer = PreferLocalDC(balancer)
- balancer.AllowFallback = true
-
- return balancer
-}
-
-type filterLocations []string
-
-func (locations filterLocations) Allow(_ balancerConfig.Info, c conn.Conn) bool {
- location := strings.ToUpper(c.Endpoint().Location())
- for _, l := range locations {
- if location == l {
- return true
- }
- }
-
- return false
-}
-
-func (locations filterLocations) String() string {
- buffer := xstring.Buffer()
- defer buffer.Free()
-
- buffer.WriteString("Locations{")
- for i, l := range locations {
- if i != 0 {
- buffer.WriteByte(',')
- }
- buffer.WriteString(l)
- }
- buffer.WriteByte('}')
-
- return buffer.String()
+ return PreferLocalDC(balancer).With(balancerConfig.AllowFallback())
}
// PreferLocations creates balancer which use endpoints only in selected locations (such as "ABC", "DEF", etc.)
// Balancer "balancer" defines balancing algorithm between endpoints selected with filter by location
func PreferLocations(balancer *balancerConfig.Config, locations ...string) *balancerConfig.Config {
- if len(locations) == 0 {
- panic("empty list of locations")
- }
- for i := range locations {
- locations[i] = strings.ToUpper(locations[i])
- }
- sort.Strings(locations)
- balancer.Filter = filterLocations(locations)
-
- return balancer
+ return balancer.With(balancerConfig.FilterLocations(locations...))
}
// PreferLocationsWithFallback creates balancer which use endpoints only in selected locations
// Balancer "balancer" defines balancing algorithm between endpoints selected with filter by location
// If filter returned zero endpoints from all discovery endpoints list - used all endpoint instead
func PreferLocationsWithFallback(balancer *balancerConfig.Config, locations ...string) *balancerConfig.Config {
- balancer = PreferLocations(balancer, locations...)
- balancer.AllowFallback = true
-
- return balancer
+ return balancer.With(
+ balancerConfig.FilterLocations(locations...),
+ balancerConfig.AllowFallback(),
+ )
}
type Endpoint interface {
NodeID() uint32
Address() string
Location() string
-
- // Deprecated: LocalDC check "local" by compare endpoint location with discovery "selflocation" field.
- // It work good only if connection url always point to local dc.
- // Will be removed after Oct 2024.
- // Read about versioning policy: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#deprecated
- LocalDC() bool
-}
-
-type filterFunc func(info balancerConfig.Info, c conn.Conn) bool
-
-func (p filterFunc) Allow(info balancerConfig.Info, c conn.Conn) bool {
- return p(info, c)
-}
-
-func (p filterFunc) String() string {
- return "Custom"
}
// Prefer creates balancer which use endpoints by filter
// Balancer "balancer" defines balancing algorithm between endpoints selected with filter
func Prefer(balancer *balancerConfig.Config, filter func(endpoint Endpoint) bool) *balancerConfig.Config {
- balancer.Filter = filterFunc(func(_ balancerConfig.Info, c conn.Conn) bool {
- return filter(c.Endpoint())
- })
-
- return balancer
+ return balancer.With(
+ balancerConfig.FilterFunc(func(_ balancerConfig.Info, c conn.Info) bool {
+ return filter(c)
+ }),
+ )
}
// PreferWithFallback creates balancer which use endpoints by filter
// Balancer "balancer" defines balancing algorithm between endpoints selected with filter
// If filter returned zero endpoints from all discovery endpoints list - used all endpoint instead
-func PreferWithFallback(balancer *balancerConfig.Config, filter func(endpoint Endpoint) bool) *balancerConfig.Config {
- balancer = Prefer(balancer, filter)
- balancer.AllowFallback = true
-
- return balancer
+func PreferWithFallback(balancer *balancerConfig.Config, filter func(endpoint conn.Info) bool) *balancerConfig.Config {
+ return balancer.With(
+ balancerConfig.FilterFunc(func(_ balancerConfig.Info, c conn.Info) bool {
+ return filter(c)
+ }),
+ balancerConfig.AllowFallback(),
+ )
}
// Default balancer used by default
func Default() *balancerConfig.Config {
- return RandomChoice()
+ return balancerConfig.New()
}
diff --git a/balancers/balancers_test.go b/balancers/balancers_test.go
index 75d0758b0..3368986bf 100644
--- a/balancers/balancers_test.go
+++ b/balancers/balancers_test.go
@@ -4,6 +4,7 @@ import (
"testing"
"github.com/stretchr/testify/require"
+ "google.golang.org/grpc/connectivity"
balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
@@ -11,58 +12,55 @@ import (
)
func TestPreferLocalDC(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", LocationField: "1"},
- &mock.Conn{AddrField: "2", State: conn.Online, LocationField: "2"},
- &mock.Conn{AddrField: "3", State: conn.Online, LocationField: "2"},
+ conns := []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", LocationField: "1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", LocationField: "2"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", LocationField: "2"}, StateField: connectivity.Ready},
}
rr := PreferLocalDC(RandomChoice())
- require.False(t, rr.AllowFallback)
- require.Equal(t, []conn.Conn{conns[1], conns[2]}, applyPreferFilter(balancerConfig.Info{SelfLocation: "2"}, rr, conns))
+ require.False(t, rr.AllowFallback())
+ require.Equal(t, []conn.Info{conns[1], conns[2]}, applyPreferFilter(balancerConfig.Info{SelfLocation: "2"}, rr, conns))
}
func TestPreferLocalDCWithFallBack(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", LocationField: "1"},
- &mock.Conn{AddrField: "2", State: conn.Online, LocationField: "2"},
- &mock.Conn{AddrField: "3", State: conn.Online, LocationField: "2"},
+ conns := []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", LocationField: "1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", LocationField: "2"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", LocationField: "2"}, StateField: connectivity.Ready},
}
rr := PreferLocalDCWithFallBack(RandomChoice())
- require.True(t, rr.AllowFallback)
- require.Equal(t, []conn.Conn{conns[1], conns[2]}, applyPreferFilter(balancerConfig.Info{SelfLocation: "2"}, rr, conns))
+ require.True(t, rr.AllowFallback())
+ require.Equal(t, []conn.Info{conns[1], conns[2]}, applyPreferFilter(balancerConfig.Info{SelfLocation: "2"}, rr, conns))
}
func TestPreferLocations(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", LocationField: "zero", State: conn.Online},
- &mock.Conn{AddrField: "2", State: conn.Online, LocationField: "one"},
- &mock.Conn{AddrField: "3", State: conn.Online, LocationField: "two"},
+ conns := []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", LocationField: "zero"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", LocationField: "one"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", LocationField: "two"}, StateField: connectivity.Ready},
}
rr := PreferLocations(RandomChoice(), "zero", "two")
- require.False(t, rr.AllowFallback)
- require.Equal(t, []conn.Conn{conns[0], conns[2]}, applyPreferFilter(balancerConfig.Info{}, rr, conns))
+ require.False(t, rr.AllowFallback())
+ require.Equal(t, []conn.Info{conns[0], conns[2]}, applyPreferFilter(balancerConfig.Info{}, rr, conns))
}
func TestPreferLocationsWithFallback(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", LocationField: "zero", State: conn.Online},
- &mock.Conn{AddrField: "2", State: conn.Online, LocationField: "one"},
- &mock.Conn{AddrField: "3", State: conn.Online, LocationField: "two"},
+ conns := []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", LocationField: "zero"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", LocationField: "one"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", LocationField: "two"}, StateField: connectivity.Ready},
}
rr := PreferLocationsWithFallback(RandomChoice(), "zero", "two")
- require.True(t, rr.AllowFallback)
- require.Equal(t, []conn.Conn{conns[0], conns[2]}, applyPreferFilter(balancerConfig.Info{}, rr, conns))
+ require.True(t, rr.AllowFallback())
+ require.Equal(t, []conn.Info{conns[0], conns[2]}, applyPreferFilter(balancerConfig.Info{}, rr, conns))
}
-func applyPreferFilter(info balancerConfig.Info, b *balancerConfig.Config, conns []conn.Conn) []conn.Conn {
- if b.Filter == nil {
- b.Filter = filterFunc(func(info balancerConfig.Info, c conn.Conn) bool { return true })
- }
- res := make([]conn.Conn, 0, len(conns))
+func applyPreferFilter(info balancerConfig.Info, b *balancerConfig.Config, conns []conn.Info) []conn.Info {
+ res := make([]conn.Info, 0, len(conns))
for _, c := range conns {
- if b.Filter.Allow(info, c) {
+ if b.Filter(info, c) {
res = append(res, c)
}
}
diff --git a/balancers/config_test.go b/balancers/config_test.go
index 943e3f123..bf9c0711a 100644
--- a/balancers/config_test.go
+++ b/balancers/config_test.go
@@ -13,55 +13,55 @@ func TestFromConfig(t *testing.T) {
for _, tt := range []struct {
name string
config string
- res balancerConfig.Config
+ res *balancerConfig.Config
fail bool
}{
{
name: "empty",
config: ``,
- res: balancerConfig.Config{},
+ res: balancerConfig.New(),
fail: true,
},
{
name: "disable",
config: `disable`,
- res: balancerConfig.Config{SingleConn: true},
+ res: balancerConfig.New(balancerConfig.UseSingleConn()),
},
{
name: "single",
config: `single`,
- res: balancerConfig.Config{SingleConn: true},
+ res: balancerConfig.New(balancerConfig.UseSingleConn()),
},
{
name: "single/JSON",
config: `{
"type": "single"
}`,
- res: balancerConfig.Config{SingleConn: true},
+ res: balancerConfig.New(balancerConfig.UseSingleConn()),
},
{
name: "round_robin",
config: `round_robin`,
- res: balancerConfig.Config{},
+ res: balancerConfig.New(),
},
{
name: "round_robin/JSON",
config: `{
"type": "round_robin"
}`,
- res: balancerConfig.Config{},
+ res: balancerConfig.New(),
},
{
name: "random_choice",
config: `random_choice`,
- res: balancerConfig.Config{},
+ res: balancerConfig.New(),
},
{
name: "random_choice/JSON",
config: `{
"type": "random_choice"
}`,
- res: balancerConfig.Config{},
+ res: balancerConfig.New(),
},
{
name: "prefer_local_dc",
@@ -69,13 +69,13 @@ func TestFromConfig(t *testing.T) {
"type": "random_choice",
"prefer": "local_dc"
}`,
- res: balancerConfig.Config{
- DetectLocalDC: true,
- Filter: filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
+ res: balancerConfig.New(
+ balancerConfig.DetectLocalDC(),
+ balancerConfig.FilterFunc(func(info balancerConfig.Info, c conn.Info) bool {
// some non nil func
return false
}),
- },
+ ),
},
{
name: "prefer_unknown_type",
@@ -92,14 +92,14 @@ func TestFromConfig(t *testing.T) {
"prefer": "local_dc",
"fallback": true
}`,
- res: balancerConfig.Config{
- AllowFallback: true,
- DetectLocalDC: true,
- Filter: filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
+ res: balancerConfig.New(
+ balancerConfig.AllowFallback(),
+ balancerConfig.DetectLocalDC(),
+ balancerConfig.FilterFunc(func(info balancerConfig.Info, c conn.Info) bool {
// some non nil func
return false
}),
- },
+ ),
},
{
name: "prefer_locations",
@@ -108,12 +108,12 @@ func TestFromConfig(t *testing.T) {
"prefer": "locations",
"locations": ["AAA", "BBB", "CCC"]
}`,
- res: balancerConfig.Config{
- Filter: filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
+ res: balancerConfig.New(
+ balancerConfig.FilterFunc(func(info balancerConfig.Info, c conn.Info) bool {
// some non nil func
return false
}),
- },
+ ),
},
{
name: "prefer_locations_with_fallback",
@@ -123,19 +123,19 @@ func TestFromConfig(t *testing.T) {
"locations": ["AAA", "BBB", "CCC"],
"fallback": true
}`,
- res: balancerConfig.Config{
- AllowFallback: true,
- Filter: filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
+ res: balancerConfig.New(
+ balancerConfig.AllowFallback(),
+ balancerConfig.FilterFunc(func(info balancerConfig.Info, c conn.Info) bool {
// some non nil func
return false
}),
- },
+ ),
},
} {
t.Run(tt.name, func(t *testing.T) {
var (
actErr error
- fallback = &balancerConfig.Config{}
+ fallback = balancerConfig.New()
)
b := FromConfig(
tt.config,
@@ -155,13 +155,10 @@ func TestFromConfig(t *testing.T) {
}
// function pointers can check equal to nil only
- if tt.res.Filter != nil {
- require.NotNil(t, b.Filter)
- b.Filter = nil
- tt.res.Filter = nil
- }
+ b = b.With(balancerConfig.FilterFunc(nil))
+ tt.res = tt.res.With(balancerConfig.FilterFunc(nil))
- require.Equal(t, tt.res, *b)
+ require.Equal(t, tt.res, b)
})
}
}
diff --git a/config/config.go b/config/config.go
index 28ffd0f90..1817cc99e 100644
--- a/config/config.go
+++ b/config/config.go
@@ -117,6 +117,7 @@ func WithInternalDNSResolver() Option {
func WithEndpoint(endpoint string) Option {
return func(c *Config) {
c.endpoint = endpoint
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithEndpoint(endpoint))
}
}
@@ -132,6 +133,7 @@ func WithSecure(secure bool) Option {
func WithDatabase(database string) Option {
return func(c *Config) {
c.database = database
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithDatabase(database))
}
}
@@ -154,6 +156,7 @@ func WithTLSConfig(tlsConfig *tls.Config) Option {
func WithTrace(t trace.Driver, opts ...trace.DriverComposeOption) Option { //nolint:gocritic
return func(c *Config) {
c.trace = c.trace.Compose(&t, opts...)
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithTrace(c.trace))
}
}
@@ -190,6 +193,7 @@ func WithConnectionTTL(ttl time.Duration) Option {
func WithCredentials(credentials credentials.Credentials) Option {
return func(c *Config) {
c.credentials = credentials
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithCredentials(credentials))
}
}
@@ -234,6 +238,7 @@ func WithPanicCallback(panicCallback func(e interface{})) Option {
func WithDialTimeout(timeout time.Duration) Option {
return func(c *Config) {
c.dialTimeout = timeout
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithDialTimeout(timeout))
}
}
@@ -289,6 +294,7 @@ func New(opts ...Option) *Config {
}
c.meta = meta.New(c.database, c.credentials, c.trace, c.metaOptions...)
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithMeta(c.meta))
return c
}
@@ -306,6 +312,7 @@ func (c *Config) With(opts ...Option) *Config {
c.trace,
c.metaOptions...,
)
+ c.balancerConfig = c.balancerConfig.With(balancerConfig.WithMeta(c.meta))
return c
}
diff --git a/config/defaults.go b/config/defaults.go
index e63867808..7856f205f 100644
--- a/config/defaults.go
+++ b/config/defaults.go
@@ -10,8 +10,8 @@ import (
"google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/keepalive"
- "github.com/ydb-platform/ydb-go-sdk/v3/balancers"
"github.com/ydb-platform/ydb-go-sdk/v3/credentials"
+ balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/stack"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/xresolver"
"github.com/ydb-platform/ydb-go-sdk/v3/trace"
@@ -89,7 +89,7 @@ func defaultConfig() (c *Config) {
credentials: credentials.NewAnonymousCredentials(
credentials.WithSourceInfo(stack.Record(0)),
),
- balancerConfig: balancers.Default(),
+ balancerConfig: balancerConfig.New(),
tlsConfig: defaultTLSConfig(),
dialTimeout: DefaultDialTimeout,
trace: &trace.Driver{},
diff --git a/discovery/discovery.go b/discovery/discovery.go
index 37adc01cc..c7e0ff6a4 100644
--- a/discovery/discovery.go
+++ b/discovery/discovery.go
@@ -18,6 +18,6 @@ func (w WhoAmI) String() string {
}
type Client interface {
- Discover(ctx context.Context) ([]endpoint.Endpoint, error)
+ Discover(ctx context.Context) ([]endpoint.Info, error)
WhoAmI(ctx context.Context) (*WhoAmI, error)
}
diff --git a/driver.go b/driver.go
index 592466443..a8e7d4420 100644
--- a/driver.go
+++ b/driver.go
@@ -152,7 +152,7 @@ func (d *Driver) Close(ctx context.Context) (finalErr error) {
d.query.Close,
d.topic.Close,
d.balancer.Close,
- d.pool.Release,
+ d.pool.Detach,
)
var issues []error
diff --git a/internal/balancer/balancer.go b/internal/balancer/balancer.go
index f69ec11e2..f6d561886 100644
--- a/internal/balancer/balancer.go
+++ b/internal/balancer/balancer.go
@@ -4,8 +4,10 @@ import (
"context"
"fmt"
"sort"
+ "sync/atomic"
"google.golang.org/grpc"
+ grpcCodes "google.golang.org/grpc/codes"
"github.com/ydb-platform/ydb-go-sdk/v3/config"
balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
@@ -19,62 +21,44 @@ import (
"github.com/ydb-platform/ydb-go-sdk/v3/internal/stack"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/xcontext"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/xerrors"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/xsync"
"github.com/ydb-platform/ydb-go-sdk/v3/retry"
"github.com/ydb-platform/ydb-go-sdk/v3/trace"
)
var ErrNoEndpoints = xerrors.Wrap(fmt.Errorf("no endpoints"))
-type discoveryClient interface {
- closer.Closer
+type (
+ discoveryClient interface {
+ closer.Closer
- Discover(ctx context.Context) ([]endpoint.Endpoint, error)
-}
+ Discover(ctx context.Context) ([]endpoint.Info, error)
+ }
+ Balancer struct {
+ config *balancerConfig.Config
+ pool connPool
+ discoveryClient discoveryClient
+ discoveryRepeater repeater.Repeater
+ localDCDetector func(ctx context.Context, endpoints []endpoint.Info) (string, error)
-type Balancer struct {
- driverConfig *config.Config
- config balancerConfig.Config
- pool *conn.Pool
- discoveryClient discoveryClient
- discoveryRepeater repeater.Repeater
- localDCDetector func(ctx context.Context, endpoints []endpoint.Endpoint) (string, error)
+ connChilds map[string]*xcontext.CancelsGuard
- mu xsync.RWMutex
- connectionsState *connectionsState
+ connections atomic.Pointer[connections[conn.Conn]]
- onApplyDiscoveredEndpoints []func(ctx context.Context, endpoints []endpoint.Info)
-}
+ closed chan struct{}
-func (b *Balancer) HasNode(id uint32) bool {
- if b.config.SingleConn {
- return true
+ onApplyDiscoveredEndpoints []func(ctx context.Context, endpoints []endpoint.Info)
}
- b.mu.RLock()
- defer b.mu.RUnlock()
- if _, has := b.connectionsState.connByNodeID[id]; has {
- return true
- }
-
- return false
-}
-
-func (b *Balancer) OnUpdate(onApplyDiscoveredEndpoints func(ctx context.Context, endpoints []endpoint.Info)) {
- b.mu.WithLock(func() {
- b.onApplyDiscoveredEndpoints = append(b.onApplyDiscoveredEndpoints, onApplyDiscoveredEndpoints)
- })
-}
+)
-func (b *Balancer) clusterDiscovery(ctx context.Context) (err error) {
- return retry.Retry(
- repeater.WithEvent(ctx, repeater.EventInit),
+func (b *Balancer) clusterDiscovery(ctx context.Context, opts ...retry.Option) (err error) {
+ return retry.Retry(repeater.WithEvent(ctx, repeater.EventInit),
func(childCtx context.Context) (err error) {
if err = b.clusterDiscoveryAttempt(childCtx); err != nil {
if credentials.IsAccessError(err) {
return credentials.AccessError("cluster discovery failed", err,
- credentials.WithEndpoint(b.driverConfig.Endpoint()),
- credentials.WithDatabase(b.driverConfig.Database()),
- credentials.WithCredentials(b.driverConfig.Credentials()),
+ credentials.WithEndpoint(b.config.Endpoint()),
+ credentials.WithDatabase(b.config.Database()),
+ credentials.WithCredentials(b.config.Credentials()),
)
}
// if got err but parent context is not done - mark error as retryable
@@ -86,22 +70,20 @@ func (b *Balancer) clusterDiscovery(ctx context.Context) (err error) {
}
return nil
- },
- retry.WithIdempotent(true),
- retry.WithTrace(b.driverConfig.TraceRetry()),
+ }, opts...,
)
}
func (b *Balancer) clusterDiscoveryAttempt(ctx context.Context) (err error) {
var (
- address = "ydb:///" + b.driverConfig.Endpoint()
+ address = "ydb:///" + b.config.Endpoint()
onDone = trace.DriverOnBalancerClusterDiscoveryAttempt(
- b.driverConfig.Trace(), &ctx,
+ b.config.Trace(), &ctx,
stack.FunctionID(
"github.com/ydb-platform/ydb-go-sdk/3/internal/balancer.(*Balancer).clusterDiscoveryAttempt"),
address,
)
- endpoints []endpoint.Endpoint
+ endpoints []endpoint.Info
localDC string
cancel context.CancelFunc
)
@@ -109,7 +91,7 @@ func (b *Balancer) clusterDiscoveryAttempt(ctx context.Context) (err error) {
onDone(err)
}()
- if dialTimeout := b.driverConfig.DialTimeout(); dialTimeout > 0 {
+ if dialTimeout := b.config.DialTimeout(); dialTimeout > 0 {
ctx, cancel = xcontext.WithTimeout(ctx, dialTimeout)
} else {
ctx, cancel = xcontext.WithCancel(ctx)
@@ -121,7 +103,7 @@ func (b *Balancer) clusterDiscoveryAttempt(ctx context.Context) (err error) {
return xerrors.WithStackTrace(err)
}
- if b.config.DetectLocalDC {
+ if b.config.DetectLocalDC() {
localDC, err = b.localDCDetector(ctx, endpoints)
if err != nil {
return xerrors.WithStackTrace(err)
@@ -133,86 +115,93 @@ func (b *Balancer) clusterDiscoveryAttempt(ctx context.Context) (err error) {
return nil
}
-func endpointsDiff(newestEndpoints []endpoint.Endpoint, previousConns []conn.Conn) (
- nodes []trace.EndpointInfo,
- added []trace.EndpointInfo,
- dropped []trace.EndpointInfo,
-) {
- nodes = make([]trace.EndpointInfo, 0, len(newestEndpoints))
- added = make([]trace.EndpointInfo, 0, len(previousConns))
- dropped = make([]trace.EndpointInfo, 0, len(previousConns))
+func endpointsDiff[T endpoint.Info](newest, previous []T) (nodes, added, dropped []T) {
+ nodes = make([]T, 0, len(newest))
+ added = make([]T, 0, len(previous))
+ dropped = make([]T, 0, len(previous))
var (
- newestMap = make(map[string]struct{}, len(newestEndpoints))
- previousMap = make(map[string]struct{}, len(previousConns))
+ newestMap = make(map[string]struct{}, len(newest))
+ previousMap = make(map[string]struct{}, len(previous))
)
- sort.Slice(newestEndpoints, func(i, j int) bool {
- return newestEndpoints[i].Address() < newestEndpoints[j].Address()
+ sort.Slice(newest, func(i, j int) bool {
+ return newest[i].Address() < newest[j].Address()
})
- sort.Slice(previousConns, func(i, j int) bool {
- return previousConns[i].Endpoint().Address() < previousConns[j].Endpoint().Address()
+ sort.Slice(previous, func(i, j int) bool {
+ return previous[i].Address() < previous[j].Address()
})
- for _, e := range previousConns {
- previousMap[e.Endpoint().Address()] = struct{}{}
+ for _, c := range previous {
+ previousMap[c.Address()] = struct{}{}
}
- for _, e := range newestEndpoints {
- nodes = append(nodes, e.Copy())
- newestMap[e.Address()] = struct{}{}
- if _, has := previousMap[e.Address()]; !has {
- added = append(added, e.Copy())
+ for _, c := range newest {
+ nodes = append(nodes, c)
+ newestMap[c.Address()] = struct{}{}
+ if _, has := previousMap[c.Address()]; !has {
+ added = append(added, c)
}
}
- for _, c := range previousConns {
- if _, has := newestMap[c.Endpoint().Address()]; !has {
- dropped = append(dropped, c.Endpoint().Copy())
+ for _, c := range previous {
+ if _, has := newestMap[c.Address()]; !has {
+ dropped = append(dropped, c)
}
}
return nodes, added, dropped
}
-func (b *Balancer) applyDiscoveredEndpoints(ctx context.Context, endpoints []endpoint.Endpoint, localDC string) {
- var (
- onDone = trace.DriverOnBalancerUpdate(
- b.driverConfig.Trace(), &ctx,
- stack.FunctionID(
- "github.com/ydb-platform/ydb-go-sdk/3/internal/balancer.(*Balancer).applyDiscoveredEndpoints"),
- b.config.DetectLocalDC,
- )
- previousConns []conn.Conn
+func toTraceEndpointInfo[T endpoint.Info](in []T) (out []trace.EndpointInfo) {
+ out = make([]trace.EndpointInfo, 0, len(in))
+ for _, e := range in {
+ out = append(out, e)
+ }
+
+ return out
+}
+
+func (b *Balancer) applyDiscoveredEndpoints(ctx context.Context, endpoints []endpoint.Info, localDC string) {
+ onDone := trace.DriverOnBalancerUpdate(
+ b.config.Trace(), &ctx,
+ stack.FunctionID(
+ "github.com/ydb-platform/ydb-go-sdk/3/internal/balancer.(*Balancer).applyDiscoveredEndpoints"),
+ b.config.DetectLocalDC(),
)
- defer func() {
- nodes, added, dropped := endpointsDiff(endpoints, previousConns)
- onDone(nodes, added, dropped, localDC)
- }()
- connections := endpointsToConnections(b.pool, endpoints)
- for _, c := range connections {
- b.pool.Allow(ctx, c)
- c.Endpoint().Touch()
- }
+ conns := endpointsToConnections(b.pool, endpoints)
info := balancerConfig.Info{SelfLocation: localDC}
- state := newConnectionsState(connections, b.config.Filter, info, b.config.AllowFallback)
-
- endpointsInfo := make([]endpoint.Info, len(endpoints))
- for i, e := range endpoints {
- endpointsInfo[i] = e
- }
+ newestConnections := newConnections(conns, b.config.Filter, info, b.config.AllowFallback())
+ previousConnections := b.connections.Swap(newestConnections)
+ defer func() {
+ nodes, added, dropped := endpointsDiff(
+ newestConnections.all,
+ func() []conn.Conn {
+ if previousConnections != nil {
+ return previousConnections.all
+ }
- b.mu.WithLock(func() {
- if b.connectionsState != nil {
- previousConns = b.connectionsState.all
- }
- b.connectionsState = state
- for _, onApplyDiscoveredEndpoints := range b.onApplyDiscoveredEndpoints {
- onApplyDiscoveredEndpoints(ctx, endpointsInfo)
+ return nil
+ }(),
+ )
+ for _, e := range dropped {
+ b.connChilds[e.Address()].Cancel()
+ delete(b.connChilds, e.Address())
}
- })
+ onDone(
+ toTraceEndpointInfo(nodes),
+ toTraceEndpointInfo(added),
+ toTraceEndpointInfo(dropped),
+ localDC,
+ )
+ }()
+ for _, onApplyDiscoveredEndpoints := range b.onApplyDiscoveredEndpoints {
+ onApplyDiscoveredEndpoints(ctx, endpoints)
+ }
}
func (b *Balancer) Close(ctx context.Context) (err error) {
+ close(b.closed)
+
onDone := trace.DriverOnBalancerClose(
- b.driverConfig.Trace(), &ctx,
+ b.config.Trace(), &ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/balancer.(*Balancer).Close"),
)
defer func() {
@@ -223,6 +212,8 @@ func (b *Balancer) Close(ctx context.Context) (err error) {
b.discoveryRepeater.Stop()
}
+ b.applyDiscoveredEndpoints(ctx, nil, "")
+
if err = b.discoveryClient.Close(ctx); err != nil {
return xerrors.WithStackTrace(err)
}
@@ -230,6 +221,67 @@ func (b *Balancer) Close(ctx context.Context) (err error) {
return nil
}
+func (b *Balancer) markConnAsBad(ctx context.Context, cc conn.Conn, cause error) {
+ if !xerrors.IsTransportError(cause,
+ grpcCodes.ResourceExhausted,
+ grpcCodes.Unavailable,
+ // grpcCodes.OK,
+ // grpcCodes.Canceled,
+ // grpcCodes.Unknown,
+ // grpcCodes.InvalidArgument,
+ // grpcCodes.DeadlineExceeded,
+ // grpcCodes.NotFound,
+ // grpcCodes.AlreadyExists,
+ // grpcCodes.PermissionDenied,
+ // grpcCodes.FailedPrecondition,
+ // grpcCodes.Aborted,
+ // grpcCodes.OutOfRange,
+ // grpcCodes.Unimplemented,
+ // grpcCodes.Internal,
+ // grpcCodes.DataLoss,
+ // grpcCodes.Unauthenticated,
+ ) {
+ return
+ }
+
+ newestConnections, changed := b.connections.Load().withBadConn(cc)
+
+ if changed {
+ onDone := trace.DriverOnBalancerMarkConnAsBad(
+ b.config.Trace(), &ctx,
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/balancer.(*Balancer).markConnAsBad"),
+ cc, cause,
+ )
+
+ b.connections.Store(newestConnections)
+
+ onDone(toTraceEndpointInfo(newestConnections.prefer), toTraceEndpointInfo(newestConnections.fallback))
+ }
+}
+
+type newBalancerOption func(b *Balancer) error
+
+func newBalancer(
+ config *balancerConfig.Config,
+ pool connPool,
+ opts ...newBalancerOption,
+) (b *Balancer, finalErr error) {
+ b = &Balancer{
+ config: config,
+ pool: pool,
+ localDCDetector: detectLocalDC,
+ connChilds: make(map[string]*xcontext.CancelsGuard),
+ closed: make(chan struct{}),
+ }
+ for _, opt := range opts {
+ if err := opt(b); err != nil {
+ return nil, xerrors.WithStackTrace(err)
+ }
+ }
+
+ return b, nil
+}
+
func New(
ctx context.Context,
driverConfig *config.Config,
@@ -254,40 +306,41 @@ func New(
onDone(finalErr)
}()
- b = &Balancer{
- driverConfig: driverConfig,
- pool: pool,
- localDCDetector: detectLocalDC,
- }
- d := internalDiscovery.New(ctx, pool.Get(
- endpoint.New(driverConfig.Endpoint()),
- ), discoveryConfig)
-
- b.discoveryClient = d
-
- if config := driverConfig.Balancer(); config == nil {
- b.config = balancerConfig.Config{}
- } else {
- b.config = *config
- }
+ b, err := newBalancer(driverConfig.Balancer(), pool,
+ func(b *Balancer) error {
+ b.discoveryClient = internalDiscovery.New(ctx, pool.Get(
+ endpoint.New(driverConfig.Endpoint()),
+ ), discoveryConfig)
+ if config := driverConfig.Balancer(); config != nil {
+ b.config = config
+ }
+ if b.config.SingleConn() {
+ b.applyDiscoveredEndpoints(ctx, []endpoint.Info{
+ endpoint.New(driverConfig.Endpoint()),
+ }, "")
+ } else {
+ // initialization of balancer state
+ if err := b.clusterDiscovery(ctx,
+ retry.WithIdempotent(true),
+ retry.WithTrace(driverConfig.TraceRetry()),
+ ); err != nil {
+ return xerrors.WithStackTrace(err)
+ }
+ // run background discovering
+ if d := discoveryConfig.Interval(); d > 0 {
+ b.discoveryRepeater = repeater.New(xcontext.ValueOnly(ctx),
+ d, b.clusterDiscoveryAttempt,
+ repeater.WithName("discovery"),
+ repeater.WithTrace(b.config.Trace()),
+ )
+ }
+ }
- if b.config.SingleConn {
- b.applyDiscoveredEndpoints(ctx, []endpoint.Endpoint{
- endpoint.New(driverConfig.Endpoint()),
- }, "")
- } else {
- // initialization of balancer state
- if err := b.clusterDiscovery(ctx); err != nil {
- return nil, xerrors.WithStackTrace(err)
- }
- // run background discovering
- if d := discoveryConfig.Interval(); d > 0 {
- b.discoveryRepeater = repeater.New(xcontext.ValueOnly(ctx),
- d, b.clusterDiscoveryAttempt,
- repeater.WithName("discovery"),
- repeater.WithTrace(b.driverConfig.Trace()),
- )
- }
+ return nil
+ },
+ )
+ if err != nil {
+ return nil, xerrors.WithStackTrace(err)
}
return b, nil
@@ -300,9 +353,14 @@ func (b *Balancer) Invoke(
reply interface{},
opts ...grpc.CallOption,
) error {
- return b.wrapCall(ctx, func(ctx context.Context, cc conn.Conn) error {
- return cc.Invoke(ctx, method, args, reply, opts...)
- })
+ select {
+ case <-b.closed:
+ return xerrors.WithStackTrace(errBalancerClosed)
+ default:
+ return b.wrapCall(ctx, func(ctx context.Context, cc conn.Conn) error {
+ return cc.Invoke(ctx, method, args, reply, opts...)
+ })
+ }
}
func (b *Balancer) NewStream(
@@ -311,36 +369,38 @@ func (b *Balancer) NewStream(
method string,
opts ...grpc.CallOption,
) (_ grpc.ClientStream, err error) {
- var client grpc.ClientStream
- err = b.wrapCall(ctx, func(ctx context.Context, cc conn.Conn) error {
- client, err = cc.NewStream(ctx, desc, method, opts...)
+ select {
+ case <-b.closed:
+ return nil, xerrors.WithStackTrace(errBalancerClosed)
+ default:
+ var client grpc.ClientStream
- return err
- })
- if err == nil {
- return client, nil
- }
+ err = b.wrapCall(ctx, func(ctx context.Context, cc conn.Conn) error {
+ client, err = cc.NewStream(ctx, desc, method, opts...)
- return nil, err
+ return err
+ })
+ if err == nil {
+ return client, nil
+ }
+
+ return nil, err
+ }
}
-func (b *Balancer) wrapCall(ctx context.Context, f func(ctx context.Context, cc conn.Conn) error) (err error) {
+func (b *Balancer) wrapCall(ctx context.Context, f func(ctx context.Context, cc conn.Conn) error) (finalErr error) {
cc, err := b.getConn(ctx)
if err != nil {
return xerrors.WithStackTrace(err)
}
defer func() {
- if err == nil {
- if cc.GetState() == conn.Banned {
- b.pool.Allow(ctx, cc)
- }
- } else if xerrors.MustPessimizeEndpoint(err, b.driverConfig.ExcludeGRPCCodesForPessimization()...) {
- b.pool.Ban(ctx, cc, err)
+ if finalErr != nil {
+ b.markConnAsBad(ctx, cc, err)
}
}()
- if ctx, err = b.driverConfig.Meta().Context(ctx); err != nil {
+ if ctx, err = b.config.Meta().Context(ctx); err != nil {
return xerrors.WithStackTrace(err)
}
@@ -348,9 +408,9 @@ func (b *Balancer) wrapCall(ctx context.Context, f func(ctx context.Context, cc
if conn.UseWrapping(ctx) {
if credentials.IsAccessError(err) {
err = credentials.AccessError("no access", err,
- credentials.WithAddress(cc.Endpoint().String()),
- credentials.WithNodeID(cc.Endpoint().NodeID()),
- credentials.WithCredentials(b.driverConfig.Credentials()),
+ credentials.WithAddress(cc.Address()),
+ credentials.WithNodeID(cc.NodeID()),
+ credentials.WithCredentials(b.config.Credentials()),
)
}
@@ -363,21 +423,17 @@ func (b *Balancer) wrapCall(ctx context.Context, f func(ctx context.Context, cc
return nil
}
-func (b *Balancer) connections() *connectionsState {
- b.mu.RLock()
- defer b.mu.RUnlock()
-
- return b.connectionsState
-}
-
func (b *Balancer) getConn(ctx context.Context) (c conn.Conn, err error) {
- onDone := trace.DriverOnBalancerChooseEndpoint(
- b.driverConfig.Trace(), &ctx,
+ onDone := trace.DriverOnBalancerGetConn(
+ b.config.Trace(), &ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/balancer.(*Balancer).getConn"),
)
defer func() {
if err == nil {
- onDone(c.Endpoint(), nil)
+ if _, has := b.connChilds[c.Address()]; !has {
+ b.connChilds[c.Address()] = xcontext.NewCancelsGuard()
+ }
+ onDone(c, nil)
} else {
onDone(nil, err)
}
@@ -388,27 +444,31 @@ func (b *Balancer) getConn(ctx context.Context) (c conn.Conn, err error) {
}
var (
- state = b.connections()
+ connections = b.connections.Load()
failedCount int
)
defer func() {
- if failedCount*2 > state.PreferredCount() && b.discoveryRepeater != nil {
+ if failedCount*2 > connections.PreferredCount() && b.discoveryRepeater != nil {
b.discoveryRepeater.Force()
}
}()
- c, failedCount = state.GetConnection(ctx)
+ c, failedCount = connections.GetConn(ctx)
if c == nil {
return nil, xerrors.WithStackTrace(
- fmt.Errorf("%w: cannot get connection from Balancer after %d attempts", ErrNoEndpoints, failedCount),
+ fmt.Errorf("cannot get connection from Balancer after %d attempts: %w", failedCount, ErrNoEndpoints),
)
}
return c, nil
}
-func endpointsToConnections(p *conn.Pool, endpoints []endpoint.Endpoint) []conn.Conn {
+type connPool interface {
+ Get(e endpoint.Info) conn.Conn
+}
+
+func endpointsToConnections(p connPool, endpoints []endpoint.Info) []conn.Conn {
conns := make([]conn.Conn, 0, len(endpoints))
for _, e := range endpoints {
conns = append(conns, p.Get(e))
diff --git a/internal/balancer/balancer_test.go b/internal/balancer/balancer_test.go
index 356952f38..6459b46b9 100644
--- a/internal/balancer/balancer_test.go
+++ b/internal/balancer/balancer_test.go
@@ -1,117 +1,124 @@
package balancer
import (
+ "context"
"testing"
"github.com/stretchr/testify/require"
+ "google.golang.org/grpc"
+ grpcCodes "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/connectivity"
+ grpcStatus "google.golang.org/grpc/status"
+ balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/endpoint"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/mock"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xerrors"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/xtest"
"github.com/ydb-platform/ydb-go-sdk/v3/trace"
)
func TestEndpointsDiff(t *testing.T) {
for _, tt := range []struct {
- newestEndpoints []endpoint.Endpoint
- previousConns []conn.Conn
+ newestEndpoints []trace.EndpointInfo
+ previousConns []trace.EndpointInfo
nodes []trace.EndpointInfo
added []trace.EndpointInfo
dropped []trace.EndpointInfo
}{
{
- newestEndpoints: []endpoint.Endpoint{
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
- &mock.Endpoint{AddrField: "2"},
- &mock.Endpoint{AddrField: "0"},
- },
- previousConns: []conn.Conn{
- &mock.Conn{AddrField: "2"},
- &mock.Conn{AddrField: "1"},
- &mock.Conn{AddrField: "0"},
- &mock.Conn{AddrField: "3"},
+ newestEndpoints: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
+ &mock.Endpoint{AddressField: "2"},
+ &mock.Endpoint{AddressField: "0"},
+ },
+ previousConns: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "2"},
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "3"},
},
nodes: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "0"},
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "2"},
- &mock.Endpoint{AddrField: "3"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "2"},
+ &mock.Endpoint{AddressField: "3"},
},
added: []trace.EndpointInfo{},
dropped: []trace.EndpointInfo{},
},
{
- newestEndpoints: []endpoint.Endpoint{
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
- &mock.Endpoint{AddrField: "2"},
- &mock.Endpoint{AddrField: "0"},
+ newestEndpoints: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
+ &mock.Endpoint{AddressField: "2"},
+ &mock.Endpoint{AddressField: "0"},
},
- previousConns: []conn.Conn{
- &mock.Conn{AddrField: "1"},
- &mock.Conn{AddrField: "0"},
- &mock.Conn{AddrField: "3"},
+ previousConns: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "3"},
},
nodes: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "0"},
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "2"},
- &mock.Endpoint{AddrField: "3"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "2"},
+ &mock.Endpoint{AddressField: "3"},
},
added: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "2"},
+ &mock.Endpoint{AddressField: "2"},
},
dropped: []trace.EndpointInfo{},
},
{
- newestEndpoints: []endpoint.Endpoint{
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
- &mock.Endpoint{AddrField: "0"},
+ newestEndpoints: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
+ &mock.Endpoint{AddressField: "0"},
},
- previousConns: []conn.Conn{
- &mock.Conn{AddrField: "1"},
- &mock.Conn{AddrField: "2"},
- &mock.Conn{AddrField: "0"},
- &mock.Conn{AddrField: "3"},
+ previousConns: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "2"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "3"},
},
nodes: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "0"},
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
},
added: []trace.EndpointInfo{},
dropped: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "2"},
+ &mock.Endpoint{AddressField: "2"},
},
},
{
- newestEndpoints: []endpoint.Endpoint{
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
- &mock.Endpoint{AddrField: "0"},
+ newestEndpoints: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
+ &mock.Endpoint{AddressField: "0"},
},
- previousConns: []conn.Conn{
- &mock.Conn{AddrField: "4"},
- &mock.Conn{AddrField: "7"},
- &mock.Conn{AddrField: "8"},
+ previousConns: []trace.EndpointInfo{
+ &mock.Endpoint{AddressField: "4"},
+ &mock.Endpoint{AddressField: "7"},
+ &mock.Endpoint{AddressField: "8"},
},
nodes: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "0"},
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
},
added: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "0"},
- &mock.Endpoint{AddrField: "1"},
- &mock.Endpoint{AddrField: "3"},
+ &mock.Endpoint{AddressField: "0"},
+ &mock.Endpoint{AddressField: "1"},
+ &mock.Endpoint{AddressField: "3"},
},
dropped: []trace.EndpointInfo{
- &mock.Endpoint{AddrField: "4"},
- &mock.Endpoint{AddrField: "7"},
- &mock.Endpoint{AddrField: "8"},
+ &mock.Endpoint{AddressField: "4"},
+ &mock.Endpoint{AddressField: "7"},
+ &mock.Endpoint{AddressField: "8"},
},
},
} {
@@ -123,3 +130,106 @@ func TestEndpointsDiff(t *testing.T) {
})
}
}
+
+var _ connPool = poolFunc(nil)
+
+type poolFunc func(e endpoint.Info) conn.Conn
+
+func (f poolFunc) Get(e endpoint.Info) conn.Conn {
+ return f(e)
+}
+
+var _ conn.Conn = (*connMock)(nil)
+
+type connMock struct {
+ mock.Conn
+}
+
+func (c connMock) Close(ctx context.Context) error {
+ panic("implement me")
+}
+
+func (c connMock) Invoke(context.Context, string, any, any, ...grpc.CallOption) error {
+ panic("implement me")
+}
+
+func (c connMock) NewStream(context.Context, *grpc.StreamDesc, string, ...grpc.CallOption) (grpc.ClientStream, error) {
+ panic("implement me")
+}
+
+func TestBalancerWrapCall(t *testing.T) {
+ ctx := xtest.Context(t)
+ b, err := newBalancer(&balancerConfig.Config{}, poolFunc(func(e endpoint.Info) conn.Conn {
+ return &connMock{mock.Conn{EndpointField: e}}
+ }), func(b *Balancer) error {
+ b.applyDiscoveredEndpoints(ctx, []endpoint.Info{
+ &mock.Endpoint{AddressField: "1", LocationField: "a", NodeIDField: 1},
+ &mock.Endpoint{AddressField: "2", LocationField: "b", NodeIDField: 2},
+ &mock.Endpoint{AddressField: "3", LocationField: "c", NodeIDField: 3},
+ }, "")
+
+ return nil
+ })
+ require.NoError(t, err)
+ require.Equal(t, []conn.Conn{
+ &connMock{mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1", LocationField: "a", NodeIDField: 1},
+ }},
+ &connMock{mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2", LocationField: "b", NodeIDField: 2},
+ }},
+ &connMock{mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "3", LocationField: "c", NodeIDField: 3},
+ }},
+ }, b.connections.Load().prefer)
+ for i := range make([]struct{}, 3) {
+ err = b.wrapCall(ctx, func(ctx context.Context, cc conn.Conn) error {
+ return xerrors.Transport(grpcStatus.Error(grpcCodes.Unavailable, ""))
+ })
+ require.Error(t, err)
+ require.True(t, xerrors.IsTransportError(err, grpcCodes.Unavailable))
+ require.Len(t, b.connections.Load().prefer, 2-i)
+ require.Len(t, b.connections.Load().fallback, i+1)
+ }
+ require.Empty(t, b.connections.Load().prefer)
+ err = b.wrapCall(ctx, func(ctx context.Context, cc conn.Conn) error {
+ return xerrors.Transport(grpcStatus.Error(grpcCodes.Unavailable, ""))
+ })
+ require.Error(t, err)
+ require.True(t, xerrors.IsTransportError(err, grpcCodes.Unavailable))
+}
+
+func TestEndpointsToConnections(t *testing.T) {
+ p := poolFunc(func(e endpoint.Info) conn.Conn {
+ return &connMock{
+ mock.Conn{
+ EndpointField: &mock.Endpoint{
+ AddressField: e.Address(),
+ LocationField: e.Location(),
+ NodeIDField: e.NodeID(),
+ },
+ StateField: connectivity.Ready,
+ },
+ }
+ })
+ endpoints := []endpoint.Info{
+ &mock.Endpoint{
+ AddressField: "1",
+ LocationField: "a",
+ NodeIDField: 1,
+ },
+ &mock.Endpoint{
+ AddressField: "2",
+ LocationField: "b",
+ NodeIDField: 2,
+ },
+ &mock.Endpoint{
+ AddressField: "3",
+ LocationField: "c",
+ NodeIDField: 3,
+ },
+ }
+ conns := endpointsToConnections(p, endpoints)
+ require.Len(t, conns, len(endpoints))
+ require.True(t, endpoint.Equals(conns[0], endpoints[0]))
+}
diff --git a/internal/balancer/config/config.go b/internal/balancer/config/config.go
new file mode 100644
index 000000000..5a9e99536
--- /dev/null
+++ b/internal/balancer/config/config.go
@@ -0,0 +1,279 @@
+package config
+
+import (
+ "fmt"
+ "sort"
+ "strings"
+ "time"
+
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/meta"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xstring"
+ "github.com/ydb-platform/ydb-go-sdk/v3/trace"
+)
+
+// Dedicated package need for prevent cyclo dependencies config -> balancer -> config
+
+type Config struct {
+ filter Filter
+ allowFallback bool
+ singleConn bool
+ detectLocalDC bool
+
+ endpoint string
+ database string
+ credentials credentials.Credentials
+ trace trace.Driver
+ dialTimeout time.Duration
+ meta meta.Meta
+}
+
+var defaultConfig = &Config{
+ filter: func(info Info, c conn.Info) bool { return true },
+ allowFallback: false,
+ singleConn: false,
+ detectLocalDC: false,
+ endpoint: "",
+ database: "",
+ credentials: nil,
+ trace: trace.Driver{},
+ dialTimeout: 0,
+ meta: meta.Meta{},
+}
+
+func New(opts ...Option) *Config {
+ config := *defaultConfig
+ for _, opt := range opts {
+ opt(&config)
+ }
+
+ return &config
+}
+
+// Endpoint is a required starting endpoint for connect
+func (c *Config) Endpoint() string {
+ if c == nil {
+ return defaultConfig.endpoint
+ }
+
+ return c.endpoint
+}
+
+// Database is a required database name.
+func (c *Config) Database() string {
+ if c == nil {
+ return defaultConfig.database
+ }
+
+ return c.database
+}
+
+func (c *Config) Credentials() credentials.Credentials {
+ if c == nil {
+ return defaultConfig.credentials
+ }
+
+ return c.credentials
+}
+
+func (c *Config) Filter(info Info, cc conn.Info) bool {
+ if c == nil || c.filter == nil {
+ return true
+ }
+
+ return c.filter(info, cc)
+}
+
+func (c *Config) SingleConn() bool {
+ if c == nil {
+ return defaultConfig.singleConn
+ }
+
+ return c.singleConn
+}
+
+func (c *Config) DetectLocalDC() bool {
+ if c == nil {
+ return defaultConfig.detectLocalDC
+ }
+
+ return c.detectLocalDC
+}
+
+func (c *Config) AllowFallback() bool {
+ if c == nil {
+ return defaultConfig.allowFallback
+ }
+
+ return c.allowFallback
+}
+
+// Trace contains driver tracing options.
+func (c *Config) Trace() *trace.Driver {
+ if c == nil {
+ return &defaultConfig.trace
+ }
+
+ return &c.trace
+}
+
+// Meta reports meta information about database connection
+func (c *Config) Meta() *meta.Meta {
+ if c == nil {
+ return &defaultConfig.meta
+ }
+
+ return &c.meta
+}
+
+// DialTimeout is the maximum amount of time a dial will wait for a connect to
+// complete.
+//
+// If DialTimeout is zero then no timeout is used.
+func (c *Config) DialTimeout() time.Duration {
+ if c == nil {
+ return defaultConfig.dialTimeout
+ }
+
+ return c.dialTimeout
+}
+
+func (c *Config) String() string {
+ if c == nil {
+ return defaultConfig.String()
+ }
+
+ if c.SingleConn() {
+ return "SingleConn"
+ }
+
+ buffer := xstring.Buffer()
+ defer buffer.Free()
+
+ buffer.WriteString("RandomChoice{")
+
+ buffer.WriteString("DetectLocalDC=")
+ fmt.Fprintf(buffer, "%t", c.DetectLocalDC())
+
+ buffer.WriteString(",AllowFallback=")
+ fmt.Fprintf(buffer, "%t", c.AllowFallback())
+
+ buffer.WriteByte('}')
+
+ return buffer.String()
+}
+
+type Option func(c *Config)
+
+func WithEndpoint(endpoint string) Option {
+ return func(c *Config) {
+ c.endpoint = endpoint
+ }
+}
+
+func FilterFunc(f func(info Info, c conn.Info) bool) Option {
+ return func(c *Config) {
+ c.filter = f
+ }
+}
+
+func FilterLocalDC() Option {
+ return func(c *Config) {
+ c.filter = func(info Info, c conn.Info) bool {
+ return c.Location() == info.SelfLocation
+ }
+ }
+}
+
+func FilterLocations(locations ...string) Option {
+ if len(locations) == 0 {
+ panic("empty list of locations")
+ }
+
+ for i := range locations {
+ locations[i] = strings.ToUpper(locations[i])
+ }
+
+ sort.Strings(locations)
+
+ return func(c *Config) {
+ c.filter = func(_ Info, c conn.Info) bool {
+ location := strings.ToUpper(c.Location())
+ for _, l := range locations {
+ if location == l {
+ return true
+ }
+ }
+
+ return false
+ }
+ }
+}
+
+func AllowFallback() Option {
+ return func(c *Config) {
+ c.allowFallback = true
+ }
+}
+
+func DetectLocalDC() Option {
+ return func(c *Config) {
+ c.detectLocalDC = true
+ }
+}
+
+func UseSingleConn() Option {
+ return func(c *Config) {
+ c.singleConn = true
+ }
+}
+
+func WithDatabase(database string) Option {
+ return func(c *Config) {
+ c.database = database
+ }
+}
+
+func WithCredentials(credentials credentials.Credentials) Option {
+ return func(c *Config) {
+ c.credentials = credentials
+ }
+}
+
+func WithTrace(trace *trace.Driver) Option {
+ return func(c *Config) {
+ c.trace = *trace
+ }
+}
+
+func WithDialTimeout(dialTimeout time.Duration) Option {
+ return func(c *Config) {
+ c.dialTimeout = dialTimeout
+ }
+}
+
+func WithMeta(meta *meta.Meta) Option {
+ return func(c *Config) {
+ c.meta = *meta
+ }
+}
+
+func (c *Config) With(opts ...Option) *Config {
+ if c == nil {
+ c = defaultConfig
+ }
+ config := *c
+ for _, opt := range opts {
+ opt(&config)
+ }
+
+ return &config
+}
+
+type (
+ Info struct {
+ SelfLocation string
+ }
+ Filter func(info Info, c conn.Info) bool
+)
diff --git a/internal/balancer/config/routerconfig.go b/internal/balancer/config/routerconfig.go
deleted file mode 100644
index 0d1eb6703..000000000
--- a/internal/balancer/config/routerconfig.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package config
-
-import (
- "fmt"
-
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/xstring"
-)
-
-// Dedicated package need for prevent cyclo dependencies config -> balancer -> config
-
-type Config struct {
- Filter Filter
- AllowFallback bool
- SingleConn bool
- DetectLocalDC bool
-}
-
-func (c Config) String() string {
- if c.SingleConn {
- return "SingleConn"
- }
-
- buffer := xstring.Buffer()
- defer buffer.Free()
-
- buffer.WriteString("RandomChoice{")
-
- buffer.WriteString("DetectLocalDC=")
- fmt.Fprintf(buffer, "%t", c.DetectLocalDC)
-
- buffer.WriteString(",AllowFallback=")
- fmt.Fprintf(buffer, "%t", c.AllowFallback)
-
- if c.Filter != nil {
- buffer.WriteString(",Filter=")
- fmt.Fprint(buffer, c.Filter.String())
- }
-
- buffer.WriteByte('}')
-
- return buffer.String()
-}
-
-type Info struct {
- SelfLocation string
-}
-
-type Filter interface {
- Allow(info Info, c conn.Conn) bool
- String() string
-}
diff --git a/internal/balancer/connections.go b/internal/balancer/connections.go
new file mode 100644
index 000000000..f0c825712
--- /dev/null
+++ b/internal/balancer/connections.go
@@ -0,0 +1,181 @@
+package balancer
+
+import (
+ "context"
+
+ balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/endpoint"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xrand"
+)
+
+type (
+ connections[T conn.Info] struct {
+ connByNodeID map[uint32]T
+
+ prefer []T
+ fallback []T
+ all []T
+
+ rand xrand.Rand
+ }
+)
+
+func newConnections[T conn.Info](
+ conns []T,
+ filter balancerConfig.Filter,
+ info balancerConfig.Info,
+ allowFallback bool,
+) (s *connections[T]) {
+ s = &connections[T]{
+ connByNodeID: connsToNodeIDMap(conns),
+ rand: xrand.New(xrand.WithLock()),
+ }
+
+ s.prefer, s.fallback = sortPreferConnections(conns, filter, info, allowFallback)
+ if allowFallback {
+ s.all = conns
+ } else {
+ s.all = s.prefer
+ }
+
+ return s
+}
+
+func (s *connections[T]) withBadConn(badConn T) (ss *connections[T], changed bool) {
+ ss = &connections[T]{
+ connByNodeID: s.connByNodeID,
+ rand: s.rand,
+ prefer: make([]T, 0, len(s.prefer)),
+ fallback: make([]T, 0, len(s.fallback)+1),
+ all: s.all,
+ }
+
+ for _, rhs := range s.prefer {
+ if !endpoint.Equals(badConn, rhs) {
+ ss.prefer = append(ss.prefer, rhs)
+ } else {
+ changed = true
+ ss.fallback = append(ss.fallback, badConn)
+ }
+ }
+ ss.fallback = append(ss.fallback, s.fallback...)
+
+ return ss, changed
+}
+
+func (s *connections[T]) PreferredCount() int {
+ return len(s.prefer)
+}
+
+func (s *connections[T]) GetConn(ctx context.Context) (nilConn T, failedCount int) {
+ if err := ctx.Err(); err != nil {
+ return nilConn, 0
+ }
+
+ if cc, has := s.preferConnection(ctx); has {
+ return cc, 0
+ }
+
+ cc, tryCount, has := selectRandomConnection(s.rand, s.prefer, false)
+ failedCount += tryCount
+ if has {
+ return cc, failedCount
+ }
+
+ cc, tryCount, has = selectRandomConnection(s.rand, s.fallback, false)
+ failedCount += tryCount
+ if has {
+ return cc, failedCount
+ }
+
+ cc, tryCount, has = selectRandomConnection(s.rand, s.all, true)
+ failedCount += tryCount
+ if has {
+ return cc, failedCount
+ }
+
+ return nilConn, failedCount
+}
+
+func (s *connections[T]) preferConnection(ctx context.Context) (nilConn T, has bool) {
+ if e, hasPreferEndpoint := ContextEndpoint(ctx); hasPreferEndpoint {
+ cc, ok := s.connByNodeID[e.NodeID()]
+ if ok && cc.Ready() {
+ return cc, true
+ }
+ }
+
+ return nilConn, false
+}
+
+func selectRandomConnection[T conn.Info](
+ r xrand.Rand, conns []T, notReadyIsOk bool,
+) (nilConn T, failedConns int, has bool) {
+ connCount := len(conns)
+ if connCount == 0 {
+ // return for empty list need for prevent panic in fast path
+ return nilConn, 0, false
+ }
+
+ // fast path
+ if cc := conns[r.Int(connCount)]; cc.Ready() {
+ return cc, 0, true
+ }
+
+ // shuffled indexes slices need for guarantee about every connection will check
+ indexes := make([]int, connCount)
+ for index := range indexes {
+ indexes[index] = index
+ }
+ r.Shuffle(connCount, func(i, j int) {
+ indexes[i], indexes[j] = indexes[j], indexes[i]
+ })
+
+ for _, index := range indexes {
+ if cc := conns[index]; notReadyIsOk || cc.Ready() {
+ return cc, 0, true
+ }
+ failedConns++
+ }
+
+ return nilConn, failedConns, false
+}
+
+func connsToNodeIDMap[T conn.Info](conns []T) (nodes map[uint32]T) {
+ if len(conns) == 0 {
+ return nil
+ }
+ nodes = make(map[uint32]T, len(conns))
+ for _, c := range conns {
+ nodes[c.NodeID()] = c
+ }
+
+ return nodes
+}
+
+func sortPreferConnections[T conn.Info](
+ conns []T,
+ filter balancerConfig.Filter,
+ info balancerConfig.Info,
+ allowFallback bool,
+) (prefer, fallback []T) {
+ if filter == nil {
+ return conns, nil
+ }
+
+ prefer = make([]T, 0, len(conns))
+ if allowFallback {
+ fallback = make([]T, 0, len(conns))
+ }
+
+ for _, c := range conns {
+ if filter(info, c) {
+ prefer = append(prefer, c)
+ } else if allowFallback {
+ fallback = append(fallback, c)
+ }
+ }
+
+ return prefer, fallback
+}
diff --git a/internal/balancer/connections_state.go b/internal/balancer/connections_state.go
deleted file mode 100644
index e9196ead7..000000000
--- a/internal/balancer/connections_state.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package balancer
-
-import (
- "context"
-
- balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/xrand"
-)
-
-type connectionsState struct {
- connByNodeID map[uint32]conn.Conn
-
- prefer []conn.Conn
- fallback []conn.Conn
- all []conn.Conn
-
- rand xrand.Rand
-}
-
-func newConnectionsState(
- conns []conn.Conn,
- filter balancerConfig.Filter,
- info balancerConfig.Info,
- allowFallback bool,
-) *connectionsState {
- res := &connectionsState{
- connByNodeID: connsToNodeIDMap(conns),
- rand: xrand.New(xrand.WithLock()),
- }
-
- res.prefer, res.fallback = sortPreferConnections(conns, filter, info, allowFallback)
- if allowFallback {
- res.all = conns
- } else {
- res.all = res.prefer
- }
-
- return res
-}
-
-func (s *connectionsState) PreferredCount() int {
- return len(s.prefer)
-}
-
-func (s *connectionsState) GetConnection(ctx context.Context) (_ conn.Conn, failedCount int) {
- if err := ctx.Err(); err != nil {
- return nil, 0
- }
-
- if c := s.preferConnection(ctx); c != nil {
- return c, 0
- }
-
- try := func(conns []conn.Conn) conn.Conn {
- c, tryFailed := s.selectRandomConnection(conns, false)
- failedCount += tryFailed
-
- return c
- }
-
- if c := try(s.prefer); c != nil {
- return c, failedCount
- }
-
- if c := try(s.fallback); c != nil {
- return c, failedCount
- }
-
- c, _ := s.selectRandomConnection(s.all, true)
-
- return c, failedCount
-}
-
-func (s *connectionsState) preferConnection(ctx context.Context) conn.Conn {
- if e, hasPreferEndpoint := ContextEndpoint(ctx); hasPreferEndpoint {
- c := s.connByNodeID[e.NodeID()]
- if c != nil && isOkConnection(c, true) {
- return c
- }
- }
-
- return nil
-}
-
-func (s *connectionsState) selectRandomConnection(conns []conn.Conn, allowBanned bool) (c conn.Conn, failedConns int) {
- connCount := len(conns)
- if connCount == 0 {
- // return for empty list need for prevent panic in fast path
- return nil, 0
- }
-
- // fast path
- if c := conns[s.rand.Int(connCount)]; isOkConnection(c, allowBanned) {
- return c, 0
- }
-
- // shuffled indexes slices need for guarantee about every connection will check
- indexes := make([]int, connCount)
- for index := range indexes {
- indexes[index] = index
- }
- s.rand.Shuffle(connCount, func(i, j int) {
- indexes[i], indexes[j] = indexes[j], indexes[i]
- })
-
- for _, index := range indexes {
- c := conns[index]
- if isOkConnection(c, allowBanned) {
- return c, 0
- }
- failedConns++
- }
-
- return nil, failedConns
-}
-
-func connsToNodeIDMap(conns []conn.Conn) (nodes map[uint32]conn.Conn) {
- if len(conns) == 0 {
- return nil
- }
- nodes = make(map[uint32]conn.Conn, len(conns))
- for _, c := range conns {
- nodes[c.Endpoint().NodeID()] = c
- }
-
- return nodes
-}
-
-func sortPreferConnections(
- conns []conn.Conn,
- filter balancerConfig.Filter,
- info balancerConfig.Info,
- allowFallback bool,
-) (prefer, fallback []conn.Conn) {
- if filter == nil {
- return conns, nil
- }
-
- prefer = make([]conn.Conn, 0, len(conns))
- if allowFallback {
- fallback = make([]conn.Conn, 0, len(conns))
- }
-
- for _, c := range conns {
- if filter.Allow(info, c) {
- prefer = append(prefer, c)
- } else if allowFallback {
- fallback = append(fallback, c)
- }
- }
-
- return prefer, fallback
-}
-
-func isOkConnection(c conn.Conn, bannedIsOk bool) bool {
- switch c.GetState() {
- case conn.Online, conn.Created, conn.Offline:
- return true
- case conn.Banned:
- return bannedIsOk
- default:
- return false
- }
-}
diff --git a/internal/balancer/connections_state_test.go b/internal/balancer/connections_state_test.go
deleted file mode 100644
index b052b3933..000000000
--- a/internal/balancer/connections_state_test.go
+++ /dev/null
@@ -1,463 +0,0 @@
-package balancer
-
-import (
- "context"
- "strings"
- "testing"
-
- "github.com/stretchr/testify/require"
-
- balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/mock"
-)
-
-func TestConnsToNodeIDMap(t *testing.T) {
- table := []struct {
- name string
- source []conn.Conn
- res map[uint32]conn.Conn
- }{
- {
- name: "Empty",
- source: nil,
- res: nil,
- },
- {
- name: "Zero",
- source: []conn.Conn{
- &mock.Conn{NodeIDField: 0},
- },
- res: map[uint32]conn.Conn{
- 0: &mock.Conn{NodeIDField: 0},
- },
- },
- {
- name: "NonZero",
- source: []conn.Conn{
- &mock.Conn{NodeIDField: 1},
- &mock.Conn{NodeIDField: 10},
- },
- res: map[uint32]conn.Conn{
- 1: &mock.Conn{NodeIDField: 1},
- 10: &mock.Conn{NodeIDField: 10},
- },
- },
- {
- name: "Combined",
- source: []conn.Conn{
- &mock.Conn{NodeIDField: 1},
- &mock.Conn{NodeIDField: 0},
- &mock.Conn{NodeIDField: 10},
- },
- res: map[uint32]conn.Conn{
- 0: &mock.Conn{NodeIDField: 0},
- 1: &mock.Conn{NodeIDField: 1},
- 10: &mock.Conn{NodeIDField: 10},
- },
- },
- }
-
- for _, test := range table {
- t.Run(test.name, func(t *testing.T) {
- require.Equal(t, test.res, connsToNodeIDMap(test.source))
- })
- }
-}
-
-type filterFunc func(info balancerConfig.Info, c conn.Conn) bool
-
-func (f filterFunc) Allow(info balancerConfig.Info, c conn.Conn) bool {
- return f(info, c)
-}
-
-func (f filterFunc) String() string {
- return "Custom"
-}
-
-func TestSortPreferConnections(t *testing.T) {
- table := []struct {
- name string
- source []conn.Conn
- allowFallback bool
- filter balancerConfig.Filter
- prefer []conn.Conn
- fallback []conn.Conn
- }{
- {
- name: "Empty",
- source: nil,
- allowFallback: false,
- filter: nil,
- prefer: nil,
- fallback: nil,
- },
- {
- name: "NilFilter",
- source: []conn.Conn{
- &mock.Conn{AddrField: "1"},
- &mock.Conn{AddrField: "2"},
- },
- allowFallback: false,
- filter: nil,
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "1"},
- &mock.Conn{AddrField: "2"},
- },
- fallback: nil,
- },
- {
- name: "FilterNoFallback",
- source: []conn.Conn{
- &mock.Conn{AddrField: "t1"},
- &mock.Conn{AddrField: "f1"},
- &mock.Conn{AddrField: "t2"},
- &mock.Conn{AddrField: "f2"},
- },
- allowFallback: false,
- filter: filterFunc(func(_ balancerConfig.Info, c conn.Conn) bool {
- return strings.HasPrefix(c.Endpoint().Address(), "t")
- }),
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "t1"},
- &mock.Conn{AddrField: "t2"},
- },
- fallback: nil,
- },
- {
- name: "FilterWithFallback",
- source: []conn.Conn{
- &mock.Conn{AddrField: "t1"},
- &mock.Conn{AddrField: "f1"},
- &mock.Conn{AddrField: "t2"},
- &mock.Conn{AddrField: "f2"},
- },
- allowFallback: true,
- filter: filterFunc(func(_ balancerConfig.Info, c conn.Conn) bool {
- return strings.HasPrefix(c.Endpoint().Address(), "t")
- }),
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "t1"},
- &mock.Conn{AddrField: "t2"},
- },
- fallback: []conn.Conn{
- &mock.Conn{AddrField: "f1"},
- &mock.Conn{AddrField: "f2"},
- },
- },
- }
-
- for _, test := range table {
- t.Run(test.name, func(t *testing.T) {
- prefer, fallback := sortPreferConnections(test.source, test.filter, balancerConfig.Info{}, test.allowFallback)
- require.Equal(t, test.prefer, prefer)
- require.Equal(t, test.fallback, fallback)
- })
- }
-}
-
-func TestSelectRandomConnection(t *testing.T) {
- s := newConnectionsState(nil, nil, balancerConfig.Info{}, false)
-
- t.Run("Empty", func(t *testing.T) {
- c, failedCount := s.selectRandomConnection(nil, false)
- require.Nil(t, c)
- require.Equal(t, 0, failedCount)
- })
-
- t.Run("One", func(t *testing.T) {
- for _, goodState := range []conn.State{conn.Online, conn.Offline, conn.Created} {
- c, failedCount := s.selectRandomConnection([]conn.Conn{&mock.Conn{AddrField: "asd", State: goodState}}, false)
- require.Equal(t, &mock.Conn{AddrField: "asd", State: goodState}, c)
- require.Equal(t, 0, failedCount)
- }
- })
- t.Run("OneBanned", func(t *testing.T) {
- c, failedCount := s.selectRandomConnection([]conn.Conn{&mock.Conn{AddrField: "asd", State: conn.Banned}}, false)
- require.Nil(t, c)
- require.Equal(t, 1, failedCount)
-
- c, failedCount = s.selectRandomConnection([]conn.Conn{&mock.Conn{AddrField: "asd", State: conn.Banned}}, true)
- require.Equal(t, &mock.Conn{AddrField: "asd", State: conn.Banned}, c)
- require.Equal(t, 0, failedCount)
- })
- t.Run("Two", func(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Online},
- &mock.Conn{AddrField: "2", State: conn.Online},
- }
- first := 0
- second := 0
- for i := 0; i < 100; i++ {
- c, _ := s.selectRandomConnection(conns, false)
- if c.Endpoint().Address() == "1" {
- first++
- } else {
- second++
- }
- }
- require.Equal(t, 100, first+second)
- require.InDelta(t, 50, first, 21)
- require.InDelta(t, 50, second, 21)
- })
- t.Run("TwoBanned", func(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Banned},
- &mock.Conn{AddrField: "2", State: conn.Banned},
- }
- totalFailed := 0
- for i := 0; i < 100; i++ {
- c, failed := s.selectRandomConnection(conns, false)
- require.Nil(t, c)
- totalFailed += failed
- }
- require.Equal(t, 200, totalFailed)
- })
- t.Run("ThreeWithBanned", func(t *testing.T) {
- conns := []conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Online},
- &mock.Conn{AddrField: "2", State: conn.Online},
- &mock.Conn{AddrField: "3", State: conn.Banned},
- }
- first := 0
- second := 0
- failed := 0
- for i := 0; i < 100; i++ {
- c, checkFailed := s.selectRandomConnection(conns, false)
- failed += checkFailed
- switch c.Endpoint().Address() {
- case "1":
- first++
- case "2":
- second++
- default:
- t.Errorf(c.Endpoint().Address())
- }
- }
- require.Equal(t, 100, first+second)
- require.InDelta(t, 50, first, 21)
- require.InDelta(t, 50, second, 21)
- require.Greater(t, 10, failed)
- })
-}
-
-func TestNewState(t *testing.T) {
- table := []struct {
- name string
- state *connectionsState
- res *connectionsState
- }{
- {
- name: "Empty",
- state: newConnectionsState(nil, nil, balancerConfig.Info{}, false),
- res: &connectionsState{
- connByNodeID: nil,
- prefer: nil,
- fallback: nil,
- all: nil,
- },
- },
- {
- name: "NoFilter",
- state: newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "1", NodeIDField: 1},
- &mock.Conn{AddrField: "2", NodeIDField: 2},
- }, nil, balancerConfig.Info{}, false),
- res: &connectionsState{
- connByNodeID: map[uint32]conn.Conn{
- 1: &mock.Conn{AddrField: "1", NodeIDField: 1},
- 2: &mock.Conn{AddrField: "2", NodeIDField: 2},
- },
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "1", NodeIDField: 1},
- &mock.Conn{AddrField: "2", NodeIDField: 2},
- },
- fallback: nil,
- all: []conn.Conn{
- &mock.Conn{AddrField: "1", NodeIDField: 1},
- &mock.Conn{AddrField: "2", NodeIDField: 2},
- },
- },
- },
- {
- name: "FilterDenyFallback",
- state: newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- }, filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
- return info.SelfLocation == c.Endpoint().Location()
- }), balancerConfig.Info{SelfLocation: "t"}, false),
- res: &connectionsState{
- connByNodeID: map[uint32]conn.Conn{
- 1: &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- 2: &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- 3: &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- 4: &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- },
- fallback: nil,
- all: []conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- },
- },
- },
- {
- name: "FilterAllowFallback",
- state: newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- }, filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
- return info.SelfLocation == c.Endpoint().Location()
- }), balancerConfig.Info{SelfLocation: "t"}, true),
- res: &connectionsState{
- connByNodeID: map[uint32]conn.Conn{
- 1: &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- 2: &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- 3: &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- 4: &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- },
- fallback: []conn.Conn{
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- all: []conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- },
- },
- {
- name: "WithNodeID",
- state: newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- }, filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
- return info.SelfLocation == c.Endpoint().Location()
- }), balancerConfig.Info{SelfLocation: "t"}, true),
- res: &connectionsState{
- connByNodeID: map[uint32]conn.Conn{
- 1: &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- 2: &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- 3: &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- 4: &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- prefer: []conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- },
- fallback: []conn.Conn{
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- all: []conn.Conn{
- &mock.Conn{AddrField: "t1", NodeIDField: 1, LocationField: "t"},
- &mock.Conn{AddrField: "f1", NodeIDField: 2, LocationField: "f"},
- &mock.Conn{AddrField: "t2", NodeIDField: 3, LocationField: "t"},
- &mock.Conn{AddrField: "f2", NodeIDField: 4, LocationField: "f"},
- },
- },
- },
- }
-
- for _, test := range table {
- t.Run(test.name, func(t *testing.T) {
- require.NotNil(t, test.state.rand)
- test.state.rand = nil
- require.Equal(t, test.res, test.state)
- })
- }
-}
-
-func TestConnection(t *testing.T) {
- t.Run("Empty", func(t *testing.T) {
- s := newConnectionsState(nil, nil, balancerConfig.Info{}, false)
- c, failed := s.GetConnection(context.Background())
- require.Nil(t, c)
- require.Equal(t, 0, failed)
- })
- t.Run("AllGood", func(t *testing.T) {
- s := newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Online},
- &mock.Conn{AddrField: "2", State: conn.Online},
- }, nil, balancerConfig.Info{}, false)
- c, failed := s.GetConnection(context.Background())
- require.NotNil(t, c)
- require.Equal(t, 0, failed)
- })
- t.Run("WithBanned", func(t *testing.T) {
- s := newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Online},
- &mock.Conn{AddrField: "2", State: conn.Banned},
- }, nil, balancerConfig.Info{}, false)
- c, _ := s.GetConnection(context.Background())
- require.Equal(t, &mock.Conn{AddrField: "1", State: conn.Online}, c)
- })
- t.Run("AllBanned", func(t *testing.T) {
- s := newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "t1", State: conn.Banned, LocationField: "t"},
- &mock.Conn{AddrField: "f2", State: conn.Banned, LocationField: "f"},
- }, filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
- return c.Endpoint().Location() == info.SelfLocation
- }), balancerConfig.Info{}, true)
- preferred := 0
- fallback := 0
- for i := 0; i < 100; i++ {
- c, failed := s.GetConnection(context.Background())
- require.NotNil(t, c)
- require.Equal(t, 2, failed)
- if c.Endpoint().Address() == "t1" {
- preferred++
- } else {
- fallback++
- }
- }
- require.Equal(t, 100, preferred+fallback)
- require.InDelta(t, 50, preferred, 21)
- require.InDelta(t, 50, fallback, 21)
- })
- t.Run("PreferBannedWithFallback", func(t *testing.T) {
- s := newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "t1", State: conn.Banned, LocationField: "t"},
- &mock.Conn{AddrField: "f2", State: conn.Online, LocationField: "f"},
- }, filterFunc(func(info balancerConfig.Info, c conn.Conn) bool {
- return c.Endpoint().Location() == info.SelfLocation
- }), balancerConfig.Info{SelfLocation: "t"}, true)
- c, failed := s.GetConnection(context.Background())
- require.Equal(t, &mock.Conn{AddrField: "f2", State: conn.Online, LocationField: "f"}, c)
- require.Equal(t, 1, failed)
- })
- t.Run("PreferNodeID", func(t *testing.T) {
- s := newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Online, NodeIDField: 1},
- &mock.Conn{AddrField: "2", State: conn.Online, NodeIDField: 2},
- }, nil, balancerConfig.Info{}, false)
- c, failed := s.GetConnection(WithEndpoint(context.Background(), &mock.Endpoint{AddrField: "2", NodeIDField: 2}))
- require.Equal(t, &mock.Conn{AddrField: "2", State: conn.Online, NodeIDField: 2}, c)
- require.Equal(t, 0, failed)
- })
- t.Run("PreferNodeIDWithBadState", func(t *testing.T) {
- s := newConnectionsState([]conn.Conn{
- &mock.Conn{AddrField: "1", State: conn.Online, NodeIDField: 1},
- &mock.Conn{AddrField: "2", State: conn.Unknown, NodeIDField: 2},
- }, nil, balancerConfig.Info{}, false)
- c, failed := s.GetConnection(WithEndpoint(context.Background(), &mock.Endpoint{AddrField: "2", NodeIDField: 2}))
- require.Equal(t, &mock.Conn{AddrField: "1", State: conn.Online, NodeIDField: 1}, c)
- require.Equal(t, 0, failed)
- })
-}
diff --git a/internal/balancer/connections_test.go b/internal/balancer/connections_test.go
new file mode 100644
index 000000000..dbff96048
--- /dev/null
+++ b/internal/balancer/connections_test.go
@@ -0,0 +1,586 @@
+package balancer
+
+import (
+ "context"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+ "google.golang.org/grpc/connectivity"
+
+ balancerConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/balancer/config"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/mock"
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xrand"
+)
+
+func TestConnsToNodeIDMap(t *testing.T) {
+ table := []struct {
+ name string
+ source []conn.Info
+ res map[uint32]conn.Info
+ }{
+ {
+ name: "Empty",
+ source: nil,
+ res: nil,
+ },
+ {
+ name: "Zero",
+ source: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 0}},
+ },
+ res: map[uint32]conn.Info{
+ 0: &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 0}},
+ },
+ },
+ {
+ name: "NonZero",
+ source: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 10}},
+ },
+ res: map[uint32]conn.Info{
+ 1: &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 1}},
+ 10: &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 10}},
+ },
+ },
+ {
+ name: "Combined",
+ source: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 0}},
+ &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 10}},
+ },
+ res: map[uint32]conn.Info{
+ 0: &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 0}},
+ 1: &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 1}},
+ 10: &mock.Conn{EndpointField: &mock.Endpoint{NodeIDField: 10}},
+ },
+ },
+ }
+
+ for _, test := range table {
+ t.Run(test.name, func(t *testing.T) {
+ require.Equal(t, test.res, connsToNodeIDMap(test.source))
+ })
+ }
+}
+
+type filterFunc func(info balancerConfig.Info, c conn.Info) bool
+
+func (f filterFunc) Allow(info balancerConfig.Info, c conn.Info) bool {
+ return f(info, c)
+}
+
+func (f filterFunc) String() string {
+ return "Custom"
+}
+
+func TestSortPreferConnections(t *testing.T) {
+ table := []struct {
+ name string
+ source []conn.Info
+ allowFallback bool
+ filter balancerConfig.Filter
+ prefer []conn.Info
+ fallback []conn.Info
+ }{
+ {
+ name: "Empty",
+ source: nil,
+ allowFallback: false,
+ filter: nil,
+ prefer: nil,
+ fallback: nil,
+ },
+ {
+ name: "NilFilter",
+ source: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2"}},
+ },
+ allowFallback: false,
+ filter: nil,
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2"}},
+ },
+ fallback: nil,
+ },
+ {
+ name: "FilterNoFallback",
+ source: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2"}},
+ },
+ allowFallback: false,
+ filter: func(_ balancerConfig.Info, c conn.Info) bool {
+ return strings.HasPrefix(c.Address(), "t")
+ },
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2"}},
+ },
+ fallback: nil,
+ },
+ {
+ name: "FilterWithFallback",
+ source: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2"}},
+ },
+ allowFallback: true,
+ filter: func(_ balancerConfig.Info, c conn.Info) bool {
+ return strings.HasPrefix(c.Address(), "t")
+ },
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2"}},
+ },
+ fallback: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2"}},
+ },
+ },
+ }
+
+ for _, test := range table {
+ t.Run(test.name, func(t *testing.T) {
+ prefer, fallback := sortPreferConnections(test.source, test.filter, balancerConfig.Info{}, test.allowFallback)
+ require.Equal(t, test.prefer, prefer)
+ require.Equal(t, test.fallback, fallback)
+ })
+ }
+}
+
+func TestSelectRandomConnection(t *testing.T) {
+ r := xrand.New(xrand.WithLock())
+
+ t.Run("Empty", func(t *testing.T) {
+ c, failedCount, has := selectRandomConnection[conn.Info](r, nil, true)
+ require.False(t, has)
+ require.Nil(t, c)
+ require.Equal(t, 0, failedCount)
+ })
+
+ t.Run("One", func(t *testing.T) {
+ for _, goodState := range []conn.State{connectivity.Ready, connectivity.Idle, connectivity.Connecting} {
+ c, failedCount, has := selectRandomConnection(r,
+ []conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "asd"},
+ StateField: goodState,
+ },
+ }, true,
+ )
+ require.True(t, has)
+ require.NotNil(t, c)
+ require.Equal(t, &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "asd"},
+ StateField: goodState,
+ }, c)
+ require.Equal(t, 0, failedCount)
+ }
+ })
+ t.Run("OneBanned", func(t *testing.T) {
+ c, failedCount, has := selectRandomConnection(r,
+ []conn.Info{&mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "asd"},
+ StateField: connectivity.TransientFailure,
+ }}, false,
+ )
+ require.False(t, has)
+ require.Nil(t, c)
+ require.Equal(t, 1, failedCount)
+
+ c, failedCount, has = selectRandomConnection(r,
+ []conn.Info{&mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "asd"},
+ StateField: connectivity.TransientFailure,
+ }}, true,
+ )
+ require.True(t, has)
+ require.Equal(t, &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "asd"},
+ StateField: connectivity.TransientFailure,
+ }, c)
+ require.Equal(t, 0, failedCount)
+ })
+ t.Run("Two", func(t *testing.T) {
+ conns := []conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1"},
+ StateField: connectivity.Ready,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2"},
+ StateField: connectivity.Ready,
+ },
+ }
+ first := 0
+ second := 0
+ for i := 0; i < 100; i++ {
+ c, _, has := selectRandomConnection(r, conns, false)
+ require.True(t, has)
+ require.NotNil(t, c)
+ if c.Address() == "1" {
+ first++
+ } else {
+ second++
+ }
+ }
+ require.Equal(t, 100, first+second)
+ require.InDelta(t, 50, first, 21)
+ require.InDelta(t, 50, second, 21)
+ })
+ t.Run("TwoBanned", func(t *testing.T) {
+ conns := []conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1"},
+ StateField: connectivity.TransientFailure,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2"},
+ StateField: connectivity.TransientFailure,
+ },
+ }
+ totalFailed := 0
+ for i := 0; i < 100; i++ {
+ c, failed, has := selectRandomConnection(r, conns, false)
+ require.False(t, has)
+ require.Nil(t, c)
+ totalFailed += failed
+ }
+ require.Equal(t, 200, totalFailed)
+ })
+ t.Run("ThreeWithBanned", func(t *testing.T) {
+ conns := []conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1"},
+ StateField: connectivity.Ready,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2"},
+ StateField: connectivity.Ready,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "3"},
+ StateField: connectivity.TransientFailure,
+ },
+ }
+ first := 0
+ second := 0
+ failed := 0
+ for i := 0; i < 100; i++ {
+ c, checkFailed, has := selectRandomConnection(r, conns, false)
+ failed += checkFailed
+ require.True(t, has)
+ require.NotNil(t, c)
+ switch c.Address() {
+ case "1":
+ first++
+ case "2":
+ second++
+ default:
+ t.Errorf(c.Address())
+ }
+ }
+ require.Equal(t, 100, first+second)
+ require.InDelta(t, 50, first, 21)
+ require.InDelta(t, 50, second, 21)
+ require.Greater(t, 10, failed)
+ })
+}
+
+func TestNewConnections(t *testing.T) {
+ table := []struct {
+ name string
+ state *connections[conn.Info]
+ res *connections[conn.Info]
+ }{
+ {
+ name: "Empty",
+ state: newConnections[conn.Info](nil, nil, balancerConfig.Info{}, false),
+ res: &connections[conn.Info]{
+ connByNodeID: nil,
+ prefer: nil,
+ fallback: nil,
+ all: nil,
+ },
+ },
+ {
+ name: "NoFilter",
+ state: newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ }, nil, balancerConfig.Info{}, false),
+ res: &connections[conn.Info]{
+ connByNodeID: map[uint32]conn.Info{
+ 1: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ 2: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ },
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ },
+ fallback: nil,
+ all: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ },
+ },
+ },
+ {
+ name: "FilterDenyFallback",
+ state: newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ }, func(info balancerConfig.Info, c conn.Info) bool {
+ return info.SelfLocation == c.Location()
+ }, balancerConfig.Info{SelfLocation: "t"}, false),
+ res: &connections[conn.Info]{
+ connByNodeID: map[uint32]conn.Info{
+ 1: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ 2: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ 3: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ 4: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ },
+ fallback: nil,
+ all: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ },
+ },
+ },
+ {
+ name: "FilterAllowFallback",
+ state: newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ }, func(info balancerConfig.Info, c conn.Info) bool {
+ return info.SelfLocation == c.Location()
+ }, balancerConfig.Info{SelfLocation: "t"}, true),
+ res: &connections[conn.Info]{
+ connByNodeID: map[uint32]conn.Info{
+ 1: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ 2: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ 3: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ 4: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ },
+ fallback: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ all: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ },
+ },
+ {
+ name: "WithNodeID",
+ state: newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ }, func(info balancerConfig.Info, c conn.Info) bool {
+ return info.SelfLocation == c.Location()
+ }, balancerConfig.Info{SelfLocation: "t"}, true),
+ res: &connections[conn.Info]{
+ connByNodeID: map[uint32]conn.Info{
+ 1: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ 2: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ 3: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ 4: &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ prefer: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ },
+ fallback: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ all: []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t1", NodeIDField: 1, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f1", NodeIDField: 2, LocationField: "f"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "t2", NodeIDField: 3, LocationField: "t"}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "f2", NodeIDField: 4, LocationField: "f"}},
+ },
+ },
+ },
+ }
+
+ for _, test := range table {
+ t.Run(test.name, func(t *testing.T) {
+ require.NotNil(t, test.state.rand)
+ test.state.rand = nil
+ require.Equal(t, test.res, test.state)
+ })
+ }
+}
+
+func TestConnection(t *testing.T) {
+ t.Run("Empty", func(t *testing.T) {
+ s := newConnections[conn.Info](nil, nil, balancerConfig.Info{}, false)
+ c, failed := s.GetConn(context.Background())
+ require.Nil(t, c)
+ require.Equal(t, 0, failed)
+ })
+ t.Run("AllGood", func(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2"}, StateField: connectivity.Ready},
+ }, nil, balancerConfig.Info{}, false)
+ c, failed := s.GetConn(context.Background())
+ require.NotNil(t, c)
+ require.Equal(t, 0, failed)
+ })
+ t.Run("WithBanned", func(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1"}, StateField: connectivity.Ready},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2"}, StateField: connectivity.TransientFailure},
+ }, nil, balancerConfig.Info{}, false)
+ c, _ := s.GetConn(context.Background())
+ require.Equal(t, &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1"},
+ StateField: connectivity.Ready,
+ }, c)
+ })
+ t.Run("AllBanned", func(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "t1", LocationField: "t"},
+ StateField: connectivity.TransientFailure,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "f2", LocationField: "f"},
+ StateField: connectivity.TransientFailure,
+ },
+ }, func(info balancerConfig.Info, c conn.Info) bool {
+ return c.Location() == info.SelfLocation
+ }, balancerConfig.Info{}, true)
+ preferred := 0
+ fallback := 0
+ for i := 0; i < 100; i++ {
+ c, failed := s.GetConn(context.Background())
+ require.NotNil(t, c)
+ require.Equal(t, 2, failed)
+ if c.Address() == "t1" {
+ preferred++
+ } else {
+ fallback++
+ }
+ }
+ require.Equal(t, 100, preferred+fallback)
+ require.InDelta(t, 50, preferred, 21)
+ require.InDelta(t, 50, fallback, 21)
+ })
+ t.Run("PreferBannedWithFallback", func(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "t1", LocationField: "t"},
+ StateField: connectivity.TransientFailure,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "f2", LocationField: "f"},
+ StateField: connectivity.Ready,
+ },
+ }, func(info balancerConfig.Info, c conn.Info) bool {
+ return c.Location() == info.SelfLocation
+ }, balancerConfig.Info{SelfLocation: "t"}, true)
+ c, failed := s.GetConn(context.Background())
+ require.Equal(t, &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "f2", LocationField: "f"},
+ StateField: connectivity.Ready,
+ }, c)
+ require.Equal(t, 1, failed)
+ })
+ t.Run("PreferNodeID", func(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1},
+ StateField: connectivity.Ready,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2},
+ StateField: connectivity.Ready,
+ },
+ }, nil, balancerConfig.Info{}, false)
+ c, failed := s.GetConn(WithEndpoint(
+ context.Background(),
+ &mock.Endpoint{AddressField: "2", NodeIDField: 2},
+ ))
+ require.Equal(t, &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2},
+ StateField: connectivity.Ready,
+ }, c)
+ require.Equal(t, 0, failed)
+ })
+ t.Run("PreferNodeIDWithBadState", func(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1},
+ StateField: connectivity.Ready,
+ },
+ &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2},
+ StateField: connectivity.TransientFailure,
+ },
+ }, nil, balancerConfig.Info{}, false)
+ c, failed := s.GetConn(WithEndpoint(context.Background(), &mock.Endpoint{AddressField: "2", NodeIDField: 2}))
+ require.Equal(t, &mock.Conn{
+ EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1},
+ StateField: connectivity.Ready,
+ }, c)
+ require.Equal(t, 0, failed)
+ })
+}
+
+func TestWithBadConn(t *testing.T) {
+ s := newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", NodeIDField: 3}},
+ }, nil, balancerConfig.Info{}, false)
+ require.Equal(t, []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", NodeIDField: 3}},
+ }, s.all)
+ require.Equal(t, []conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", NodeIDField: 3}},
+ }, s.prefer)
+ require.Empty(t, s.fallback)
+ s, has := s.withBadConn(&mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}})
+ require.True(t, has)
+ require.Equal(t, newConnections([]conn.Info{
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "1", NodeIDField: 1}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "2", NodeIDField: 2}},
+ &mock.Conn{EndpointField: &mock.Endpoint{AddressField: "3", NodeIDField: 3}},
+ }, func(info balancerConfig.Info, c conn.Info) bool {
+ return c.NodeID() != 1
+ }, balancerConfig.Info{}, true), s)
+}
diff --git a/internal/balancer/ctx.go b/internal/balancer/context.go
similarity index 94%
rename from internal/balancer/ctx.go
rename to internal/balancer/context.go
index 9b4aeb209..ec4ed7859 100644
--- a/internal/balancer/ctx.go
+++ b/internal/balancer/context.go
@@ -1,6 +1,8 @@
package balancer
-import "context"
+import (
+ "context"
+)
type (
ctxEndpointKey struct{}
diff --git a/internal/balancer/errors.go b/internal/balancer/errors.go
new file mode 100644
index 000000000..190507489
--- /dev/null
+++ b/internal/balancer/errors.go
@@ -0,0 +1,9 @@
+package balancer
+
+import (
+ "errors"
+
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xerrors"
+)
+
+var errBalancerClosed = xerrors.Wrap(errors.New("balancer closed"))
diff --git a/internal/balancer/local_dc.go b/internal/balancer/local_dc.go
index b1ee2e086..be6ce337f 100644
--- a/internal/balancer/local_dc.go
+++ b/internal/balancer/local_dc.go
@@ -112,7 +112,7 @@ func detectFastestEndpoint(ctx context.Context, endpoints []endpoint.Endpoint) (
return addressToEndpoint[fastestAddress], nil
}
-func detectLocalDC(ctx context.Context, endpoints []endpoint.Endpoint) (string, error) {
+func detectLocalDC(ctx context.Context, endpoints []endpoint.Info) (string, error) {
if len(endpoints) == 0 {
return "", xerrors.WithStackTrace(ErrNoEndpoints)
}
@@ -174,7 +174,7 @@ func getRandomEndpoints(endpoints []endpoint.Endpoint, count int) []endpoint.End
return res
}
-func splitEndpointsByLocation(endpoints []endpoint.Endpoint) map[string][]endpoint.Endpoint {
+func splitEndpointsByLocation(endpoints []endpoint.Info) map[string][]endpoint.Endpoint {
res := make(map[string][]endpoint.Endpoint)
for _, ep := range endpoints {
location := ep.Location()
diff --git a/internal/balancer/local_dc_test.go b/internal/balancer/local_dc_test.go
index 2eab1e9a8..9f599ca0e 100644
--- a/internal/balancer/local_dc_test.go
+++ b/internal/balancer/local_dc_test.go
@@ -18,7 +18,7 @@ import (
var localIP = net.IPv4(127, 0, 0, 1)
type discoveryMock struct {
- endpoints []endpoint.Endpoint
+ endpoints []endpoint.Info
}
// implement discovery.Client
@@ -26,7 +26,7 @@ func (d discoveryMock) Close(ctx context.Context) error {
return nil
}
-func (d discoveryMock) Discover(ctx context.Context) ([]endpoint.Endpoint, error) {
+func (d discoveryMock) Discover(ctx context.Context) ([]endpoint.Info, error) {
return d.endpoints, nil
}
@@ -106,9 +106,9 @@ func TestDetectLocalDC(t *testing.T) {
listen2Addr := listen2.Addr().String()
_ = listen2.Close() // force close, for not accept tcp connections
- dc, err := detectLocalDC(ctx, []endpoint.Endpoint{
- &mock.Endpoint{LocationField: "a", AddrField: "grpc://" + listen1.Addr().String()},
- &mock.Endpoint{LocationField: "b", AddrField: "grpc://" + listen2Addr},
+ dc, err := detectLocalDC(ctx, []endpoint.Info{
+ &mock.Endpoint{LocationField: "a", AddressField: "grpc://" + listen1.Addr().String()},
+ &mock.Endpoint{LocationField: "b", AddressField: "grpc://" + listen2Addr},
})
require.NoError(t, err)
require.Equal(t, "a", dc)
@@ -119,7 +119,7 @@ func TestDetectLocalDC(t *testing.T) {
require.Error(t, err)
})
t.Run("OneDC", func(t *testing.T) {
- res, err := detectLocalDC(ctx, []endpoint.Endpoint{
+ res, err := detectLocalDC(ctx, []endpoint.Info{
&mock.Endpoint{LocationField: "a"},
&mock.Endpoint{LocationField: "a"},
})
@@ -134,15 +134,14 @@ func TestLocalDCDiscovery(t *testing.T) {
config.WithBalancer(balancers.PreferLocalDC(balancers.Default())),
)
r := &Balancer{
- driverConfig: cfg,
- config: *cfg.Balancer(),
- pool: conn.NewPool(context.Background(), cfg),
- discoveryClient: discoveryMock{endpoints: []endpoint.Endpoint{
- &mock.Endpoint{AddrField: "a:123", LocationField: "a"},
- &mock.Endpoint{AddrField: "b:234", LocationField: "b"},
- &mock.Endpoint{AddrField: "c:456", LocationField: "c"},
+ config: cfg.Balancer(),
+ pool: conn.NewPool(context.Background(), cfg),
+ discoveryClient: discoveryMock{endpoints: []endpoint.Info{
+ &mock.Endpoint{AddressField: "a:123", LocationField: "a"},
+ &mock.Endpoint{AddressField: "b:234", LocationField: "b"},
+ &mock.Endpoint{AddressField: "c:456", LocationField: "c"},
}},
- localDCDetector: func(ctx context.Context, endpoints []endpoint.Endpoint) (string, error) {
+ localDCDetector: func(ctx context.Context, endpoints []endpoint.Info) (string, error) {
return "b", nil
},
}
@@ -151,9 +150,9 @@ func TestLocalDCDiscovery(t *testing.T) {
require.NoError(t, err)
for i := 0; i < 100; i++ {
- conn, _ := r.connections().GetConnection(ctx)
- require.Equal(t, "b:234", conn.Endpoint().Address())
- require.Equal(t, "b", conn.Endpoint().Location())
+ conn, _ := r.connections.Load().GetConn(ctx)
+ require.Equal(t, "b:234", conn.Address())
+ require.Equal(t, "b", conn.Location())
}
}
@@ -210,9 +209,9 @@ func TestExtractHostPort(t *testing.T) {
func TestGetRandomEndpoints(t *testing.T) {
source := []endpoint.Endpoint{
- &mock.Endpoint{AddrField: "a"},
- &mock.Endpoint{AddrField: "b"},
- &mock.Endpoint{AddrField: "c"},
+ &mock.Endpoint{AddressField: "a"},
+ &mock.Endpoint{AddressField: "b"},
+ &mock.Endpoint{AddressField: "c"},
}
t.Run("ReturnSource", func(t *testing.T) {
diff --git a/internal/conn/cc_guard.go b/internal/conn/cc_guard.go
new file mode 100644
index 000000000..01ea755b3
--- /dev/null
+++ b/internal/conn/cc_guard.go
@@ -0,0 +1,81 @@
+package conn
+
+import (
+ "context"
+ "sync"
+
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/connectivity"
+
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xerrors"
+)
+
+type ccGuard struct {
+ dial func(ctx context.Context) (cc *grpc.ClientConn, err error)
+ cc *grpc.ClientConn
+ mu sync.RWMutex
+}
+
+func newCcGuard(dial func(ctx context.Context) (cc *grpc.ClientConn, err error)) *ccGuard {
+ return &ccGuard{
+ dial: dial,
+ }
+}
+
+func (g *ccGuard) Get(ctx context.Context) (*grpc.ClientConn, error) {
+ g.mu.Lock()
+ defer g.mu.Unlock()
+
+ if g.cc != nil {
+ return g.cc, nil
+ }
+
+ cc, err := g.dial(ctx)
+ if err != nil {
+ return nil, xerrors.WithStackTrace(err)
+ }
+
+ g.cc = cc
+
+ return cc, nil
+}
+
+func (g *ccGuard) Ready() bool {
+ g.mu.Lock()
+ defer g.mu.Unlock()
+
+ return g.ready()
+}
+
+func (g *ccGuard) ready() bool {
+ return g.cc != nil && g.cc.GetState() == connectivity.Ready
+}
+
+func (g *ccGuard) State() State {
+ g.mu.RLock()
+ defer g.mu.RUnlock()
+
+ if g.cc == nil {
+ return connectivity.Idle
+ }
+
+ return g.cc.GetState()
+}
+
+func (g *ccGuard) Close(ctx context.Context) error {
+ g.mu.Lock()
+ defer g.mu.Unlock()
+
+ if g.cc == nil {
+ return nil
+ }
+
+ err := g.cc.Close()
+ g.cc = nil
+
+ if err != nil {
+ return xerrors.WithStackTrace(err)
+ }
+
+ return nil
+}
diff --git a/internal/conn/conn.go b/internal/conn/conn.go
index 8192e38e7..a357043b8 100644
--- a/internal/conn/conn.go
+++ b/internal/conn/conn.go
@@ -3,13 +3,11 @@ package conn
import (
"context"
"fmt"
- "sync"
"sync/atomic"
"time"
"github.com/ydb-platform/ydb-go-genproto/protos/Ydb"
"google.golang.org/grpc"
- "google.golang.org/grpc/connectivity"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/stats"
@@ -29,112 +27,85 @@ var (
// errClosedConnection specified error when connection are closed early
errClosedConnection = xerrors.Wrap(fmt.Errorf("connection closed early"))
-
- // errUnavailableConnection specified error when connection are closed early
- errUnavailableConnection = xerrors.Wrap(fmt.Errorf("connection unavailable"))
)
-type Conn interface {
- grpc.ClientConnInterface
+type (
+ Info interface {
+ endpoint.Info
- Endpoint() endpoint.Endpoint
+ State() State
+ Ready() bool
+ }
+ Conn interface {
+ grpc.ClientConnInterface
+ Info
+ }
+)
- LastUsage() time.Time
+type lazyConn struct {
+ config Config // ro access
+ endpoint endpoint.Info // ro access
- Ping(ctx context.Context) error
- IsState(states ...State) bool
- GetState() State
- SetState(ctx context.Context, state State) State
- Unban(ctx context.Context) State
-}
+ cc *ccGuard
-type conn struct {
- mtx sync.RWMutex
- config Config // ro access
- cc *grpc.ClientConn
- done chan struct{}
- endpoint endpoint.Endpoint // ro access
- closed bool
- state atomic.Uint32
- childStreams *xcontext.CancelsGuard
- lastUsage xsync.LastUsage
- onClose []func(*conn)
- onTransportErrors []func(ctx context.Context, cc Conn, cause error)
-}
+ inUse inUseGuard
-func (c *conn) Address() string {
- return c.endpoint.Address()
-}
+ childStreams *xcontext.CancelsGuard
-func (c *conn) Ping(ctx context.Context) error {
- cc, err := c.realConn(ctx)
- if err != nil {
- return c.wrapError(err)
- }
- if !isAvailable(cc) {
- return c.wrapError(errUnavailableConnection)
- }
+ lastUsage xsync.LastUsage
- return nil
+ onClose []func(*lazyConn)
}
-func (c *conn) LastUsage() time.Time {
- c.mtx.RLock()
- defer c.mtx.RUnlock()
+func (c *lazyConn) String() string {
+ return c.endpoint.String()
+}
- return c.lastUsage.Get()
+func (c *lazyConn) Location() string {
+ return c.endpoint.Location()
}
-func (c *conn) IsState(states ...State) bool {
- state := State(c.state.Load())
- for _, s := range states {
- if s == state {
- return true
- }
- }
+func (c *lazyConn) LastUpdated() time.Time {
+ return c.endpoint.LastUpdated()
+}
- return false
+func (c *lazyConn) LoadFactor() float32 {
+ return c.endpoint.LoadFactor()
}
-func (c *conn) NodeID() uint32 {
- if c != nil {
- return c.endpoint.NodeID()
- }
+func (c *lazyConn) Address() string {
+ return c.endpoint.Address()
+}
- return 0
+func (c *lazyConn) NodeID() uint32 {
+ return c.endpoint.NodeID()
}
-func (c *conn) park(ctx context.Context) (err error) {
+func (c *lazyConn) park(ctx context.Context) (finalErr error) {
onDone := trace.DriverOnConnPark(
c.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*conn).park"),
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*lazyConn).park"),
c.Endpoint(),
)
defer func() {
- onDone(err)
+ onDone(finalErr)
}()
- c.mtx.Lock()
- defer c.mtx.Unlock()
-
- if c.closed {
+ locked, unlock := c.inUse.TryLock()
+ if !locked {
return nil
}
+ defer unlock()
- if c.cc == nil {
- return nil
- }
-
- err = c.close(ctx)
-
+ err := c.cc.Close(ctx)
if err != nil {
- return c.wrapError(err)
+ return xerrors.WithStackTrace(err)
}
return nil
}
-func (c *conn) Endpoint() endpoint.Endpoint {
+func (c *lazyConn) Endpoint() endpoint.Info {
if c != nil {
return c.endpoint
}
@@ -142,164 +113,40 @@ func (c *conn) Endpoint() endpoint.Endpoint {
return nil
}
-func (c *conn) SetState(ctx context.Context, s State) State {
- return c.setState(ctx, s)
-}
-
-func (c *conn) setState(ctx context.Context, s State) State {
- if state := State(c.state.Swap(uint32(s))); state != s {
- trace.DriverOnConnStateChange(
- c.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*conn).setState"),
- c.endpoint.Copy(), state,
- )(s)
- }
-
- return s
-}
-
-func (c *conn) Unban(ctx context.Context) State {
- var newState State
- c.mtx.RLock()
- cc := c.cc
- c.mtx.RUnlock()
- if isAvailable(cc) {
- newState = Online
- } else {
- newState = Offline
- }
-
- c.setState(ctx, newState)
-
- return newState
-}
-
-func (c *conn) GetState() (s State) {
- return State(c.state.Load())
-}
-
-func (c *conn) realConn(ctx context.Context) (cc *grpc.ClientConn, err error) {
- if c.isClosed() {
- return nil, c.wrapError(errClosedConnection)
- }
-
- c.mtx.Lock()
- defer c.mtx.Unlock()
-
- if c.cc != nil {
- return c.cc, nil
- }
-
- if dialTimeout := c.config.DialTimeout(); dialTimeout > 0 {
- var cancel context.CancelFunc
- ctx, cancel = xcontext.WithTimeout(ctx, dialTimeout)
- defer cancel()
- }
-
- onDone := trace.DriverOnConnDial(
- c.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*conn).realConn"),
- c.endpoint.Copy(),
- )
- defer func() {
- onDone(err)
- }()
-
- // prepend "ydb" scheme for grpc dns-resolver to find the proper scheme
- // three slashes in "ydb:///" is ok. It needs for good parse scheme in grpc resolver.
- address := "ydb:///" + c.endpoint.Address()
-
- cc, err = grpc.DialContext(ctx, address, append(
- []grpc.DialOption{
- grpc.WithStatsHandler(statsHandler{}),
- }, c.config.GrpcDialOptions()...,
- )...)
- if err != nil {
- if xerrors.IsContextError(err) {
- return nil, xerrors.WithStackTrace(err)
- }
-
- defer func() {
- c.onTransportError(ctx, err)
- }()
-
- err = xerrors.Transport(err,
- xerrors.WithAddress(address),
- )
-
- return nil, c.wrapError(
- xerrors.Retryable(err,
- xerrors.WithName("realConn"),
- ),
- )
- }
-
- c.cc = cc
- c.setState(ctx, Online)
-
- return c.cc, nil
-}
-
-func (c *conn) onTransportError(ctx context.Context, cause error) {
- for _, onTransportError := range c.onTransportErrors {
- onTransportError(ctx, c, cause)
- }
+func (c *lazyConn) Ready() bool {
+ return Ready(c.cc.State())
}
-func isAvailable(raw *grpc.ClientConn) bool {
- return raw != nil && raw.GetState() == connectivity.Ready
+func (c *lazyConn) State() State {
+ return c.cc.State()
}
-// conn must be locked
-func (c *conn) close(ctx context.Context) (err error) {
- if c.cc == nil {
- return nil
- }
- err = c.cc.Close()
- c.cc = nil
- c.setState(ctx, Offline)
-
- return c.wrapError(err)
-}
-
-func (c *conn) isClosed() bool {
- c.mtx.RLock()
- defer c.mtx.RUnlock()
-
- return c.closed
-}
-
-func (c *conn) Close(ctx context.Context) (err error) {
- c.mtx.Lock()
- defer c.mtx.Unlock()
-
- if c.closed {
- return nil
- }
-
+func (c *lazyConn) Close(ctx context.Context) (finalErr error) {
onDone := trace.DriverOnConnClose(
c.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*conn).Close"),
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*lazyConn).Close"),
c.Endpoint(),
)
defer func() {
- onDone(err)
+ onDone(finalErr)
}()
- c.closed = true
-
- err = c.close(ctx)
-
- c.setState(ctx, Destroyed)
+ defer func() {
+ for _, onClose := range c.onClose {
+ onClose(c)
+ }
+ c.inUse.Stop()
+ }()
- for _, onClose := range c.onClose {
- onClose(c)
+ err := c.cc.Close(ctx)
+ if err != nil {
+ return xerrors.WithStackTrace(err)
}
- return c.wrapError(err)
+ return nil
}
-func (c *conn) Invoke(
+func (c *lazyConn) Invoke(
ctx context.Context,
method string,
req interface{},
@@ -312,7 +159,7 @@ func (c *conn) Invoke(
useWrapping = UseWrapping(ctx)
onDone = trace.DriverOnConnInvoke(
c.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*conn).Invoke"),
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*lazyConn).Invoke"),
c.endpoint, trace.Method(method),
)
cc *grpc.ClientConn
@@ -320,10 +167,16 @@ func (c *conn) Invoke(
)
defer func() {
meta.CallTrailerCallback(ctx, md)
- onDone(err, issues, opID, c.GetState(), md)
+ onDone(err, issues, opID, c.State(), md)
}()
- cc, err = c.realConn(ctx)
+ locked, unlock := c.inUse.TryLock()
+ if !locked {
+ return xerrors.WithStackTrace(errClosedConnection)
+ }
+ defer unlock()
+
+ cc, err = c.cc.Get(ctx)
if err != nil {
return c.wrapError(err)
}
@@ -340,15 +193,7 @@ func (c *conn) Invoke(
err = cc.Invoke(ctx, method, req, res, append(opts, grpc.Trailer(&md))...)
if err != nil {
- if xerrors.IsContextError(err) {
- return xerrors.WithStackTrace(err)
- }
-
- defer func() {
- c.onTransportError(ctx, err)
- }()
-
- if useWrapping {
+ if xerrors.IsTransportError(err) && useWrapping {
err = xerrors.Transport(err,
xerrors.WithAddress(c.Address()),
xerrors.WithTraceID(traceID),
@@ -360,7 +205,7 @@ func (c *conn) Invoke(
return c.wrapError(err)
}
- return err
+ return xerrors.WithStackTrace(err)
}
if o, ok := res.(response.Response); ok {
@@ -389,7 +234,7 @@ func (c *conn) Invoke(
}
//nolint:funlen
-func (c *conn) NewStream(
+func (c *lazyConn) NewStream(
ctx context.Context,
desc *grpc.StreamDesc,
method string,
@@ -398,17 +243,23 @@ func (c *conn) NewStream(
var (
onDone = trace.DriverOnConnNewStream(
c.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*conn).NewStream"),
- c.endpoint.Copy(), trace.Method(method),
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*lazyConn).NewStream"),
+ c.endpoint, trace.Method(method),
)
useWrapping = UseWrapping(ctx)
)
defer func() {
- onDone(finalErr, c.GetState())
+ onDone(finalErr, c.State())
}()
- cc, err := c.realConn(ctx)
+ locked, unlock := c.inUse.TryLock()
+ if !locked {
+ return nil, xerrors.WithStackTrace(errClosedConnection)
+ }
+ defer unlock()
+
+ cc, err := c.cc.Get(ctx)
if err != nil {
return nil, c.wrapError(err)
}
@@ -437,15 +288,7 @@ func (c *conn) NewStream(
c.childStreams.Forget(&cancel)
}))...)
if err != nil {
- if xerrors.IsContextError(err) {
- return nil, xerrors.WithStackTrace(err)
- }
-
- defer func() {
- c.onTransportError(ctx, err)
- }()
-
- if useWrapping {
+ if xerrors.IsTransportError(err) && useWrapping {
err = xerrors.Transport(err,
xerrors.WithAddress(c.Address()),
xerrors.WithTraceID(traceID),
@@ -457,7 +300,7 @@ func (c *conn) NewStream(
return s, c.wrapError(err)
}
- return s, err
+ return nil, xerrors.WithStackTrace(err)
}
return &grpcClientStream{
@@ -473,7 +316,7 @@ func (c *conn) NewStream(
}, nil
}
-func (c *conn) wrapError(err error) error {
+func (c *lazyConn) wrapError(err error) error {
if err == nil {
return nil
}
@@ -482,49 +325,93 @@ func (c *conn) wrapError(err error) error {
return xerrors.WithStackTrace(nodeErr, xerrors.WithSkipDepth(1))
}
-type option func(c *conn)
+type option func(c *lazyConn)
-func withOnClose(onClose func(*conn)) option {
- return func(c *conn) {
+func withOnClose(onClose func(*lazyConn)) option {
+ return func(c *lazyConn) {
if onClose != nil {
c.onClose = append(c.onClose, onClose)
}
}
}
-func withOnTransportError(onTransportError func(ctx context.Context, cc Conn, cause error)) option {
- return func(c *conn) {
- if onTransportError != nil {
- c.onTransportErrors = append(c.onTransportErrors, onTransportError)
- }
+func dial(
+ ctx context.Context,
+ t *trace.Driver,
+ e endpoint.Info,
+ opts ...grpc.DialOption,
+) (_ *grpc.ClientConn, finalErr error) {
+ onDone := trace.DriverOnConnDial(
+ t, &ctx,
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.dial"),
+ e,
+ )
+ defer func() {
+ onDone(finalErr)
+ }()
+
+ // prepend "ydb" scheme for grpc dns-resolver to find the proper scheme
+ // three slashes in "ydb:///" is ok. It needs for good parse scheme in grpc resolver.
+ address := "ydb:///" + e.Address()
+
+ cc, err := grpc.DialContext(ctx, address, append(
+ []grpc.DialOption{
+ grpc.WithStatsHandler(statsHandler{}),
+ }, opts...,
+ )...)
+ if err != nil {
+ return nil, xerrors.WithStackTrace(err)
}
+
+ return cc, nil
}
-func newConn(e endpoint.Endpoint, config Config, opts ...option) *conn {
- c := &conn{
+func newConn(e endpoint.Info, config Config, opts ...option) *lazyConn {
+ c := &lazyConn{
endpoint: e,
config: config,
- done: make(chan struct{}),
lastUsage: xsync.NewLastUsage(),
childStreams: xcontext.NewCancelsGuard(),
- onClose: []func(*conn){
- func(c *conn) {
+ onClose: []func(*lazyConn){
+ func(c *lazyConn) {
c.childStreams.Cancel()
+ c.inUse.Stop()
},
},
}
- c.state.Store(uint32(Created))
for _, opt := range opts {
if opt != nil {
opt(c)
}
}
+ c.cc = newCcGuard(func(ctx context.Context) (*grpc.ClientConn, error) {
+ if dialTimeout := c.config.DialTimeout(); dialTimeout > 0 {
+ var cancel context.CancelFunc
+ ctx, cancel = xcontext.WithTimeout(ctx, dialTimeout)
+ defer cancel()
+ }
- return c
-}
+ cc, err := dial(ctx, c.config.Trace(), c.endpoint, c.config.GrpcDialOptions()...)
+ if err != nil {
+ if xerrors.IsTransportError(err) {
+ return nil, xerrors.WithStackTrace(
+ xerrors.Retryable(
+ xerrors.Transport(err,
+ xerrors.WithAddress(c.endpoint.Address()),
+ ),
+ ),
+ )
+ }
+
+ return nil, xerrors.WithStackTrace(
+ xerrors.Retryable(err, xerrors.WithName("dial")),
+ )
+ }
-func New(e endpoint.Endpoint, config Config, opts ...option) Conn {
- return newConn(e, config, opts...)
+ return cc, nil
+ })
+
+ return c
}
var _ stats.Handler = statsHandler{}
diff --git a/internal/conn/grpc_client_stream.go b/internal/conn/grpc_client_stream.go
index 32377e5ab..58e63eebe 100644
--- a/internal/conn/grpc_client_stream.go
+++ b/internal/conn/grpc_client_stream.go
@@ -17,134 +17,159 @@ import (
type grpcClientStream struct {
grpc.ClientStream
ctx context.Context
- c *conn
+ c *lazyConn
wrapping bool
traceID string
sentMark *modificationMark
onDone func(ctx context.Context, md metadata.MD)
}
-func (s *grpcClientStream) CloseSend() (err error) {
+func (s *grpcClientStream) CloseSend() (finalErr error) {
onDone := trace.DriverOnConnStreamCloseSend(s.c.config.Trace(), &s.ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*grpcClientStream).CloseSend"),
)
defer func() {
- onDone(err)
+ onDone(finalErr)
}()
+ locked, unlock := s.c.inUse.TryLock()
+ if !locked {
+ return xerrors.WithStackTrace(errClosedConnection)
+ }
+ defer unlock()
+
stop := s.c.lastUsage.Start()
defer stop()
- err = s.ClientStream.CloseSend()
-
+ err := s.ClientStream.CloseSend()
if err != nil {
- if xerrors.IsContextError(err) {
+ if !s.wrapping {
+ return err
+ }
+
+ if !xerrors.IsTransportError(err) {
return xerrors.WithStackTrace(err)
}
- if s.wrapping {
+ if s.sentMark.canRetry() {
return s.wrapError(
- xerrors.Transport(
- err,
- xerrors.WithAddress(s.c.Address()),
- xerrors.WithTraceID(s.traceID),
+ xerrors.Retryable(
+ xerrors.Transport(err,
+ xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
+ ),
+ xerrors.WithName("CloseSend"),
),
)
}
- return s.wrapError(err)
+ return s.wrapError(xerrors.Transport(err,
+ xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
+ ))
}
return nil
}
-func (s *grpcClientStream) SendMsg(m interface{}) (err error) {
+func (s *grpcClientStream) SendMsg(m interface{}) (finalErr error) {
onDone := trace.DriverOnConnStreamSendMsg(s.c.config.Trace(), &s.ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*grpcClientStream).SendMsg"),
)
defer func() {
- onDone(err)
+ onDone(finalErr)
}()
+ locked, unlock := s.c.inUse.TryLock()
+ if !locked {
+ return xerrors.WithStackTrace(errClosedConnection)
+ }
+ defer unlock()
+
stop := s.c.lastUsage.Start()
defer stop()
- err = s.ClientStream.SendMsg(m)
-
+ err := s.ClientStream.SendMsg(m)
if err != nil {
- if xerrors.IsContextError(err) {
- return xerrors.WithStackTrace(err)
+ if !s.wrapping {
+ return err
}
- defer func() {
- s.c.onTransportError(s.Context(), err)
- }()
+ if !xerrors.IsTransportError(err) {
+ return xerrors.WithStackTrace(err)
+ }
- if s.wrapping {
- err = xerrors.Transport(err,
- xerrors.WithAddress(s.c.Address()),
- xerrors.WithTraceID(s.traceID),
- )
- if s.sentMark.canRetry() {
- return s.wrapError(xerrors.Retryable(err,
+ if s.sentMark.canRetry() {
+ return s.wrapError(
+ xerrors.Retryable(
+ xerrors.Transport(err,
+ xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
+ ),
xerrors.WithName("SendMsg"),
- ))
- }
-
- return s.wrapError(err)
+ ),
+ )
}
- return err
+ return s.wrapError(xerrors.Transport(err,
+ xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
+ ))
}
return nil
}
-func (s *grpcClientStream) RecvMsg(m interface{}) (err error) {
+func (s *grpcClientStream) RecvMsg(m interface{}) (finalErr error) {
onDone := trace.DriverOnConnStreamRecvMsg(s.c.config.Trace(), &s.ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*grpcClientStream).RecvMsg"),
)
defer func() {
- onDone(err)
+ onDone(finalErr)
}()
+ locked, unlock := s.c.inUse.TryLock()
+ if !locked {
+ return xerrors.WithStackTrace(errClosedConnection)
+ }
+ defer unlock()
+
stop := s.c.lastUsage.Start()
defer stop()
defer func() {
- if err != nil {
+ if finalErr != nil {
md := s.ClientStream.Trailer()
s.onDone(s.ctx, md)
}
}()
- err = s.ClientStream.RecvMsg(m)
+ err := s.ClientStream.RecvMsg(m)
+ if err != nil {
+ if xerrors.Is(err, io.EOF) || !s.wrapping {
+ return io.EOF
+ }
- if err != nil { //nolint:nestif
- if xerrors.IsContextError(err) {
+ if !xerrors.IsTransportError(err) {
return xerrors.WithStackTrace(err)
}
- defer func() {
- if !xerrors.Is(err, io.EOF) {
- s.c.onTransportError(s.Context(), err)
- }
- }()
-
- if s.wrapping {
- err = xerrors.Transport(err,
- xerrors.WithAddress(s.c.Address()),
- )
- if s.sentMark.canRetry() {
- return s.wrapError(xerrors.Retryable(err,
+ if s.sentMark.canRetry() {
+ return s.wrapError(
+ xerrors.Retryable(
+ xerrors.Transport(err,
+ xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
+ ),
xerrors.WithName("RecvMsg"),
- ))
- }
-
- return s.wrapError(err)
+ ),
+ )
}
- return err
+ return s.wrapError(xerrors.Transport(err,
+ xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
+ ))
}
if s.wrapping {
@@ -154,6 +179,7 @@ func (s *grpcClientStream) RecvMsg(m interface{}) (err error) {
xerrors.Operation(
xerrors.FromOperation(operation),
xerrors.WithAddress(s.c.Address()),
+ xerrors.WithTraceID(s.traceID),
),
)
}
diff --git a/internal/conn/in_use_quard.go b/internal/conn/in_use_quard.go
new file mode 100644
index 000000000..d1bd4b1b8
--- /dev/null
+++ b/internal/conn/in_use_quard.go
@@ -0,0 +1,35 @@
+package conn
+
+import "sync"
+
+type inUseGuard struct {
+ usages sync.WaitGroup
+ mu sync.Mutex
+ stopped bool
+}
+
+func (g *inUseGuard) TryLock() (locked bool, unlock func()) {
+ g.mu.Lock()
+ defer g.mu.Unlock()
+
+ if g.stopped {
+ return false, nil
+ }
+
+ g.usages.Add(1)
+
+ return true, sync.OnceFunc(func() {
+ g.usages.Done()
+ })
+}
+
+func (g *inUseGuard) Stop() {
+ g.mu.Lock()
+ defer g.mu.Unlock()
+
+ g.stopped = true
+
+ g.usages.Wait()
+
+ g.stopped = true
+}
diff --git a/internal/conn/in_use_quard_test.go b/internal/conn/in_use_quard_test.go
new file mode 100644
index 000000000..e49e53f3e
--- /dev/null
+++ b/internal/conn/in_use_quard_test.go
@@ -0,0 +1,52 @@
+package conn
+
+import (
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/ydb-platform/ydb-go-sdk/v3/internal/xtest"
+)
+
+func TestInUseGuard(t *testing.T) {
+ xtest.TestManyTimes(t, func(t testing.TB) {
+ g := &inUseGuard{}
+ ch := make(chan struct{})
+ unlockFuncs := make([]func(), 10)
+ for i := range unlockFuncs {
+ locked, unlock := g.TryLock()
+ require.True(t, locked)
+ require.NotNil(t, unlock)
+ unlockFuncs[i] = func() {
+ <-ch
+ unlock()
+ }
+ }
+ waitStop := make(chan struct{})
+ go func() {
+ defer func() {
+ close(waitStop)
+ }()
+ g.Stop()
+ }()
+ for i := range unlockFuncs {
+ go func(i int) {
+ unlockFuncs[i]()
+ }(i)
+ }
+ for range unlockFuncs {
+ select {
+ case <-waitStop:
+ require.Fail(t, "unexpected stop signal")
+ case ch <- struct{}{}:
+ }
+ }
+ close(ch)
+ select {
+ case <-waitStop:
+ case <-time.After(time.Second):
+ require.Fail(t, "not stopped after 1 second")
+ }
+ })
+}
diff --git a/internal/conn/pool.go b/internal/conn/pool.go
index 783b7a880..2cc13b016 100644
--- a/internal/conn/pool.go
+++ b/internal/conn/pool.go
@@ -2,14 +2,13 @@ package conn
import (
"context"
- "sync"
"sync/atomic"
"time"
+ "golang.org/x/sync/errgroup"
"google.golang.org/grpc"
- grpcCodes "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/connectivity"
- "github.com/ydb-platform/ydb-go-sdk/v3/internal/closer"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/endpoint"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/stack"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/xcontext"
@@ -18,138 +17,61 @@ import (
"github.com/ydb-platform/ydb-go-sdk/v3/trace"
)
-type connsKey struct {
- address string
- nodeID uint32
-}
-
-type Pool struct {
- usages int64
- config Config
- mtx xsync.RWMutex
- opts []grpc.DialOption
- conns map[connsKey]*conn
- done chan struct{}
-}
+type (
+ Pool struct {
+ usages int64
+ config Config
+ mtx xsync.RWMutex
+ opts []grpc.DialOption
+ conns map[string]*lazyConn
+ done chan struct{}
+ }
+)
-func (p *Pool) Get(endpoint endpoint.Endpoint) Conn {
+func (p *Pool) Get(endpoint endpoint.Info) Conn {
p.mtx.Lock()
defer p.mtx.Unlock()
var (
- address = endpoint.Address()
- cc *conn
- has bool
+ cc *lazyConn
+ has bool
)
- key := connsKey{address, endpoint.NodeID()}
+ address := endpoint.Address()
- if cc, has = p.conns[key]; has {
+ if cc, has = p.conns[address]; has {
return cc
}
- cc = newConn(
- endpoint,
- p.config,
- withOnClose(p.remove),
- withOnTransportError(p.Ban),
- )
+ cc = newConn(endpoint, p.config, withOnClose(p.remove))
- p.conns[key] = cc
+ p.conns[address] = cc
return cc
}
-func (p *Pool) remove(c *conn) {
+func (p *Pool) remove(c *lazyConn) {
p.mtx.Lock()
defer p.mtx.Unlock()
- delete(p.conns, connsKey{c.Endpoint().Address(), c.Endpoint().NodeID()})
-}
-
-func (p *Pool) isClosed() bool {
- select {
- case <-p.done:
- return true
- default:
- return false
- }
-}
-
-func (p *Pool) Ban(ctx context.Context, cc Conn, cause error) {
- if p.isClosed() {
- return
- }
-
- if !xerrors.IsTransportError(cause,
- grpcCodes.ResourceExhausted,
- grpcCodes.Unavailable,
- // grpcCodes.OK,
- // grpcCodes.Canceled,
- // grpcCodes.Unknown,
- // grpcCodes.InvalidArgument,
- // grpcCodes.DeadlineExceeded,
- // grpcCodes.NotFound,
- // grpcCodes.AlreadyExists,
- // grpcCodes.PermissionDenied,
- // grpcCodes.FailedPrecondition,
- // grpcCodes.Aborted,
- // grpcCodes.OutOfRange,
- // grpcCodes.Unimplemented,
- // grpcCodes.Internal,
- // grpcCodes.DataLoss,
- // grpcCodes.Unauthenticated,
- ) {
- return
- }
-
- e := cc.Endpoint().Copy()
-
- p.mtx.RLock()
- defer p.mtx.RUnlock()
-
- cc, ok := p.conns[connsKey{e.Address(), e.NodeID()}]
- if !ok {
- return
- }
-
- trace.DriverOnConnBan(
- p.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*Pool).Ban"),
- e, cc.GetState(), cause,
- )(cc.SetState(ctx, Banned))
+ delete(p.conns, c.Endpoint().Address())
}
-func (p *Pool) Allow(ctx context.Context, cc Conn) {
- if p.isClosed() {
- return
- }
-
- e := cc.Endpoint().Copy()
-
- p.mtx.RLock()
- defer p.mtx.RUnlock()
-
- cc, ok := p.conns[connsKey{e.Address(), e.NodeID()}]
- if !ok {
- return
- }
-
- trace.DriverOnConnAllow(
- p.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*Pool).Allow"),
- e, cc.GetState(),
- )(cc.Unban(ctx))
-}
+func (p *Pool) Attach(ctx context.Context) (finalErr error) {
+ onDone := trace.DriverOnPoolAttach(p.config.Trace(), &ctx,
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*Pool).Attach"),
+ )
+ defer func() {
+ onDone(finalErr)
+ }()
-func (p *Pool) Take(context.Context) error {
atomic.AddInt64(&p.usages, 1)
return nil
}
-func (p *Pool) Release(ctx context.Context) (finalErr error) {
+func (p *Pool) Detach(ctx context.Context) (finalErr error) {
onDone := trace.DriverOnPoolRelease(p.config.Trace(), &ctx,
- stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*Pool).Release"),
+ stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/conn.(*Pool).Detach"),
)
defer func() {
onDone(finalErr)
@@ -161,38 +83,18 @@ func (p *Pool) Release(ctx context.Context) (finalErr error) {
close(p.done)
- var conns []closer.Closer
+ var g errgroup.Group
p.mtx.WithRLock(func() {
- conns = make([]closer.Closer, 0, len(p.conns))
- for _, c := range p.conns {
- conns = append(conns, c)
+ for key := range p.conns {
+ conn := p.conns[key]
+ g.Go(func() error {
+ return conn.Close(ctx)
+ })
}
})
- var (
- errCh = make(chan error, len(conns))
- wg sync.WaitGroup
- )
-
- wg.Add(len(conns))
- for _, c := range conns {
- go func(c closer.Closer) {
- defer wg.Done()
- if err := c.Close(ctx); err != nil {
- errCh <- err
- }
- }(c)
- }
- wg.Wait()
- close(errCh)
-
- issues := make([]error, 0, len(conns))
- for err := range errCh {
- issues = append(issues, err)
- }
-
- if len(issues) > 0 {
- return xerrors.WithStackTrace(xerrors.NewWithIssues("connection pool close failed", issues...))
+ if err := g.Wait(); err != nil {
+ return xerrors.WithStackTrace(err)
}
return nil
@@ -207,9 +109,9 @@ func (p *Pool) connParker(ctx context.Context, ttl, interval time.Duration) {
return
case <-ticker.C:
for _, c := range p.collectConns() {
- if time.Since(c.LastUsage()) > ttl {
- switch c.GetState() {
- case Online, Banned:
+ if time.Since(c.lastUsage.Get()) > ttl {
+ switch c.State() {
+ case connectivity.TransientFailure:
_ = c.park(ctx)
default:
// nop
@@ -220,10 +122,10 @@ func (p *Pool) connParker(ctx context.Context, ttl, interval time.Duration) {
}
}
-func (p *Pool) collectConns() []*conn {
+func (p *Pool) collectConns() []*lazyConn {
p.mtx.RLock()
defer p.mtx.RUnlock()
- conns := make([]*conn, 0, len(p.conns))
+ conns := make([]*lazyConn, 0, len(p.conns))
for _, c := range p.conns {
conns = append(conns, c)
}
@@ -241,7 +143,7 @@ func NewPool(ctx context.Context, config Config) *Pool {
usages: 1,
config: config,
opts: config.GrpcDialOptions(),
- conns: make(map[connsKey]*conn),
+ conns: make(map[string]*lazyConn),
done: make(chan struct{}),
}
diff --git a/internal/conn/state.go b/internal/conn/state.go
index e0c67f73e..b4412bd38 100644
--- a/internal/conn/state.go
+++ b/internal/conn/state.go
@@ -1,40 +1,12 @@
package conn
-type State int8
+import "google.golang.org/grpc/connectivity"
-const (
- Unknown = State(iota)
- Created
- Online
- Banned
- Offline
- Destroyed
-)
+type State = connectivity.State
-func (s State) Code() int {
- return int(s)
-}
-
-func (s State) String() string {
- switch s {
- case Created:
- return "created"
- case Online:
- return "online"
- case Banned:
- return "banned"
- case Offline:
- return "offline"
- case Destroyed:
- return "destroyed"
- default:
- return "unknown"
- }
-}
-
-func (s State) IsValid() bool {
+func Ready(s State) bool {
switch s {
- case Online, Offline, Banned:
+ case connectivity.Idle, connectivity.Ready:
return true
default:
return false
diff --git a/internal/discovery/discovery.go b/internal/discovery/discovery.go
index dfda2660c..1aec9f23c 100644
--- a/internal/discovery/discovery.go
+++ b/internal/discovery/discovery.go
@@ -36,7 +36,7 @@ type Client struct {
}
// Discover cluster endpoints
-func (c *Client) Discover(ctx context.Context) (endpoints []endpoint.Endpoint, err error) {
+func (c *Client) Discover(ctx context.Context) (endpoints []endpoint.Info, err error) {
var (
onDone = trace.DiscoveryOnDiscover(
c.config.Trace(), &ctx,
@@ -53,7 +53,7 @@ func (c *Client) Discover(ctx context.Context) (endpoints []endpoint.Endpoint, e
defer func() {
nodes := make([]trace.EndpointInfo, 0, len(endpoints))
for _, e := range endpoints {
- nodes = append(nodes, e.Copy())
+ nodes = append(nodes, e)
}
onDone(location, nodes, err)
}()
@@ -79,8 +79,7 @@ func (c *Client) Discover(ctx context.Context) (endpoints []endpoint.Endpoint, e
return nil, xerrors.WithStackTrace(err)
}
- location = result.GetSelfLocation()
- endpoints = make([]endpoint.Endpoint, 0, len(result.GetEndpoints()))
+ endpoints = make([]endpoint.Info, 0, len(result.GetEndpoints()))
for _, e := range result.GetEndpoints() {
if e.GetSsl() == c.config.Secure() {
endpoints = append(endpoints, endpoint.New(
@@ -88,7 +87,6 @@ func (c *Client) Discover(ctx context.Context) (endpoints []endpoint.Endpoint, e
endpoint.WithLocation(e.GetLocation()),
endpoint.WithID(e.GetNodeId()),
endpoint.WithLoadFactor(e.GetLoadFactor()),
- endpoint.WithLocalDC(e.GetLocation() == location),
endpoint.WithServices(e.GetService()),
))
}
diff --git a/internal/endpoint/endpoint.go b/internal/endpoint/endpoint.go
index 37a889b81..1991a59d2 100644
--- a/internal/endpoint/endpoint.go
+++ b/internal/endpoint/endpoint.go
@@ -2,128 +2,79 @@ package endpoint
import (
"fmt"
- "sync"
+ "sync/atomic"
"time"
)
-type Info interface {
- NodeID() uint32
- Address() string
- Location() string
- LastUpdated() time.Time
- LoadFactor() float32
-
- // Deprecated: LocalDC check "local" by compare endpoint location with discovery "selflocation" field.
- // It work good only if connection url always point to local dc.
- // Will be removed after Oct 2024.
- // Read about versioning policy: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#deprecated
- LocalDC() bool
+type (
+ Info interface {
+ fmt.Stringer
+
+ NodeID() uint32
+ Address() string
+ Location() string
+ LastUpdated() time.Time
+ LoadFactor() float32
+ }
+)
+
+func Equals(rhs, lhs Info) bool {
+ if rhs.Address() != lhs.Address() {
+ return false
+ }
+ if rhs.NodeID() != lhs.NodeID() {
+ return false
+ }
+ if rhs.Location() != lhs.Location() {
+ return false
+ }
+
+ return true
}
type Endpoint interface {
Info
-
- String() string
- Copy() Endpoint
- Touch(opts ...Option)
}
-type endpoint struct { //nolint:maligned
- mu sync.RWMutex
+type endpoint struct {
id uint32
address string
location string
services []string
- loadFactor float32
- lastUpdated time.Time
+ loadFactor atomic.Pointer[float32]
- local bool
-}
-
-func (e *endpoint) Copy() Endpoint {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
- return &endpoint{
- id: e.id,
- address: e.address,
- location: e.location,
- services: append(make([]string, 0, len(e.services)), e.services...),
- loadFactor: e.loadFactor,
- local: e.local,
- lastUpdated: e.lastUpdated,
- }
+ lastUpdated atomic.Pointer[time.Time]
}
func (e *endpoint) String() string {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
- return fmt.Sprintf(`{id:%d,address:%q,local:%t,location:%q,loadFactor:%f,lastUpdated:%q}`,
+ return fmt.Sprintf(`{id:%d,address:%q,location:%q,loadFactor:%f,lastUpdated:%q}`,
e.id,
e.address,
- e.local,
e.location,
- e.loadFactor,
- e.lastUpdated.Format(time.RFC3339),
+ *e.loadFactor.Load(),
+ e.lastUpdated.Load().Format(time.RFC3339),
)
}
func (e *endpoint) NodeID() uint32 {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
return e.id
}
func (e *endpoint) Address() (address string) {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
return e.address
}
func (e *endpoint) Location() string {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
return e.location
}
-// Deprecated: LocalDC check "local" by compare endpoint location with discovery "selflocation" field.
-// It work good only if connection url always point to local dc.
-// Will be removed after Oct 2024.
-// Read about versioning policy: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#deprecated
-func (e *endpoint) LocalDC() bool {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
- return e.local
-}
-
func (e *endpoint) LoadFactor() float32 {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
- return e.loadFactor
+ return *e.loadFactor.Load()
}
func (e *endpoint) LastUpdated() time.Time {
- e.mu.RLock()
- defer e.mu.RUnlock()
-
- return e.lastUpdated
-}
-
-func (e *endpoint) Touch(opts ...Option) {
- e.mu.Lock()
- defer e.mu.Unlock()
- for _, opt := range append([]Option{withLastUpdated(time.Now())}, opts...) {
- if opt != nil {
- opt(e)
- }
- }
+ return *e.lastUpdated.Load()
}
type Option func(e *endpoint)
@@ -140,15 +91,15 @@ func WithLocation(location string) Option {
}
}
-func WithLocalDC(local bool) Option {
+func WithLoadFactor(loadFactor float32) Option {
return func(e *endpoint) {
- e.local = local
+ e.loadFactor.Store(&loadFactor)
}
}
-func WithLoadFactor(loadFactor float32) Option {
+func WithLastUpdated(lastUpdated time.Time) Option {
return func(e *endpoint) {
- e.loadFactor = loadFactor
+ e.lastUpdated.Store(&lastUpdated)
}
}
@@ -158,17 +109,12 @@ func WithServices(services []string) Option {
}
}
-func withLastUpdated(ts time.Time) Option {
- return func(e *endpoint) {
- e.lastUpdated = ts
- }
-}
-
func New(address string, opts ...Option) *endpoint {
e := &endpoint{
- address: address,
- lastUpdated: time.Now(),
+ address: address,
}
+ t := time.Now()
+ e.lastUpdated.Store(&t)
for _, opt := range opts {
if opt != nil {
opt(e)
diff --git a/internal/mock/conn.go b/internal/mock/conn.go
index b4ceb9f69..8ef922d5b 100644
--- a/internal/mock/conn.go
+++ b/internal/mock/conn.go
@@ -1,129 +1,47 @@
package mock
import (
- "context"
"time"
- "google.golang.org/grpc"
-
"github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
"github.com/ydb-platform/ydb-go-sdk/v3/internal/endpoint"
)
-type Conn struct {
- PingErr error
- AddrField string
- LocationField string
- NodeIDField uint32
- State conn.State
- LocalDCField bool
-}
-
-func (c *Conn) Invoke(
- ctx context.Context,
- method string,
- args interface{},
- reply interface{},
- opts ...grpc.CallOption,
-) error {
- panic("not implemented in mock")
-}
-
-func (c *Conn) NewStream(ctx context.Context,
- desc *grpc.StreamDesc, method string,
- opts ...grpc.CallOption,
-) (grpc.ClientStream, error) {
- panic("not implemented in mock")
-}
-
-func (c *Conn) Endpoint() endpoint.Endpoint {
- return &Endpoint{
- AddrField: c.AddrField,
- LocalDCField: c.LocalDCField,
- LocationField: c.LocationField,
- NodeIDField: c.NodeIDField,
- }
-}
-
-func (c *Conn) LastUsage() time.Time {
- panic("not implemented in mock")
-}
-
-func (c *Conn) Park(ctx context.Context) (err error) {
- panic("not implemented in mock")
-}
-
-func (c *Conn) Ping(ctx context.Context) error {
- return c.PingErr
-}
+var _ endpoint.Info = (*Conn)(nil)
-func (c *Conn) IsState(states ...conn.State) bool {
- panic("not implemented in mock")
-}
-
-func (c *Conn) GetState() conn.State {
- return c.State
-}
-
-func (c *Conn) SetState(ctx context.Context, state conn.State) conn.State {
- c.State = state
-
- return c.State
-}
-
-func (c *Conn) Unban(ctx context.Context) conn.State {
- c.SetState(ctx, conn.Online)
-
- return conn.Online
-}
-
-type Endpoint struct {
- AddrField string
- LocationField string
- NodeIDField uint32
- LocalDCField bool
-}
-
-func (e *Endpoint) Choose(bool) {
-}
-
-func (e *Endpoint) NodeID() uint32 {
- return e.NodeIDField
+type Conn struct {
+ EndpointField endpoint.Info
+ StateField conn.State
}
-func (e *Endpoint) Address() string {
- return e.AddrField
+func (c *Conn) String() string {
+ return c.EndpointField.String()
}
-// Deprecated: LocalDC check "local" by compare endpoint location with discovery "selflocation" field.
-// It work good only if connection url always point to local dc.
-// Will be removed after Oct 2024.
-// Read about versioning policy: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#deprecated
-func (e *Endpoint) LocalDC() bool {
- return e.LocalDCField
+func (c *Conn) NodeID() uint32 {
+ return c.EndpointField.NodeID()
}
-func (e *Endpoint) Location() string {
- return e.LocationField
+func (c *Conn) Address() string {
+ return c.EndpointField.Address()
}
-func (e *Endpoint) LastUpdated() time.Time {
- panic("not implemented in mock")
+func (c *Conn) Location() string {
+ return c.EndpointField.Location()
}
-func (e *Endpoint) LoadFactor() float32 {
- panic("not implemented in mock")
+func (c *Conn) LastUpdated() time.Time {
+ return c.EndpointField.LastUpdated()
}
-func (e *Endpoint) String() string {
- panic("not implemented in mock")
+func (c *Conn) LoadFactor() float32 {
+ return c.EndpointField.LoadFactor()
}
-func (e *Endpoint) Copy() endpoint.Endpoint {
- c := *e
-
- return &c
+func (c *Conn) Ready() bool {
+ return conn.Ready(c.StateField)
}
-func (e *Endpoint) Touch(opts ...endpoint.Option) {
+func (c *Conn) State() conn.State {
+ return c.StateField
}
diff --git a/internal/mock/endpoint.go b/internal/mock/endpoint.go
new file mode 100644
index 000000000..af539e191
--- /dev/null
+++ b/internal/mock/endpoint.go
@@ -0,0 +1,35 @@
+package mock
+
+import (
+ "time"
+)
+
+type Endpoint struct {
+ AddressField string
+ LocationField string
+ NodeIDField uint32
+}
+
+func (e *Endpoint) NodeID() uint32 {
+ return e.NodeIDField
+}
+
+func (e *Endpoint) Address() string {
+ return e.AddressField
+}
+
+func (e *Endpoint) Location() string {
+ return e.LocationField
+}
+
+func (e *Endpoint) LastUpdated() time.Time {
+ panic("not implemented in mock")
+}
+
+func (e *Endpoint) LoadFactor() float32 {
+ panic("not implemented in mock")
+}
+
+func (e *Endpoint) String() string {
+ panic("not implemented in mock")
+}
diff --git a/internal/query/client.go b/internal/query/client.go
index 3019e83cd..7a4367989 100644
--- a/internal/query/client.go
+++ b/internal/query/client.go
@@ -20,15 +20,6 @@ import (
//go:generate mockgen -destination grpc_client_mock_test.go -package query -write_package_comment=false github.com/ydb-platform/ydb-go-genproto/Ydb_Query_V1 QueryServiceClient,QueryService_AttachSessionClient,QueryService_ExecuteQueryClient
-type nodeChecker interface {
- HasNode(id uint32) bool
-}
-
-type balancer interface {
- grpc.ClientConnInterface
- nodeChecker
-}
-
var _ query.Client = (*Client)(nil)
type Client struct {
@@ -166,7 +157,7 @@ func (c *Client) DoTx(ctx context.Context, op query.TxOperation, opts ...options
}
}
-func New(ctx context.Context, balancer balancer, cfg *config.Config) *Client {
+func New(ctx context.Context, cc grpc.ClientConnInterface, cfg *config.Config) *Client {
onDone := trace.QueryOnNew(cfg.Trace(), &ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/query.New"),
)
@@ -174,7 +165,7 @@ func New(ctx context.Context, balancer balancer, cfg *config.Config) *Client {
client := &Client{
config: cfg,
- grpcClient: Ydb_Query_V1.NewQueryServiceClient(balancer),
+ grpcClient: Ydb_Query_V1.NewQueryServiceClient(cc),
done: make(chan struct{}),
}
@@ -195,11 +186,7 @@ func New(ctx context.Context, balancer balancer, cfg *config.Config) *Client {
}
defer cancelCreate()
- s, err := createSession(createCtx, client.grpcClient, cfg,
- withSessionCheck(func(s *Session) bool {
- return balancer.HasNode(uint32(s.nodeID))
- }),
- )
+ s, err := createSession(createCtx, client.grpcClient, cfg)
if err != nil {
return nil, xerrors.WithStackTrace(err)
}
diff --git a/internal/query/tx/control.go b/internal/query/tx/control.go
index a5be2fb21..629907653 100644
--- a/internal/query/tx/control.go
+++ b/internal/query/tx/control.go
@@ -119,6 +119,7 @@ func NewControl(opts ...ControlOption) *Control {
return txControl
}
+// NoTx returns implicit transaction control
func NoTx() *Control {
return nil
}
diff --git a/internal/table/client.go b/internal/table/client.go
index 7d063346b..bfa45c801 100644
--- a/internal/table/client.go
+++ b/internal/table/client.go
@@ -25,16 +25,7 @@ import (
// sessionBuilder is the interface that holds logic of creating sessions.
type sessionBuilder func(ctx context.Context) (*session, error)
-type nodeChecker interface {
- HasNode(id uint32) bool
-}
-
-type balancer interface {
- grpc.ClientConnInterface
- nodeChecker
-}
-
-func New(ctx context.Context, balancer balancer, config *config.Config) *Client {
+func New(ctx context.Context, cc grpc.ClientConnInterface, config *config.Config) *Client {
onDone := trace.TableOnInit(config.Trace(), &ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/table.New"),
)
@@ -42,27 +33,26 @@ func New(ctx context.Context, balancer balancer, config *config.Config) *Client
onDone(config.SizeLimit())
}()
- return newClient(ctx, balancer, func(ctx context.Context) (s *session, err error) {
- return newSession(ctx, balancer, config)
+ return newClient(ctx, cc, func(ctx context.Context) (s *session, err error) {
+ return newSession(ctx, cc, config)
}, config)
}
func newClient(
ctx context.Context,
- balancer balancer,
+ cc grpc.ClientConnInterface,
builder sessionBuilder,
config *config.Config,
) *Client {
c := &Client{
- clock: config.Clock(),
- config: config,
- cc: balancer,
- nodeChecker: balancer,
- build: builder,
- index: make(map[*session]sessionInfo),
- idle: list.New(),
- waitQ: list.New(),
- limit: config.SizeLimit(),
+ clock: config.Clock(),
+ config: config,
+ cc: cc,
+ build: builder,
+ index: make(map[*session]sessionInfo),
+ idle: list.New(),
+ waitQ: list.New(),
+ limit: config.SizeLimit(),
waitChPool: sync.Pool{
New: func() interface{} {
ch := make(chan *session)
@@ -84,11 +74,10 @@ func newClient(
// A Client is safe for use by multiple goroutines simultaneously.
type Client struct {
// read-only fields
- config *config.Config
- build sessionBuilder
- cc grpc.ClientConnInterface
- nodeChecker nodeChecker
- clock clockwork.Clock
+ config *config.Config
+ build sessionBuilder
+ cc grpc.ClientConnInterface
+ clock clockwork.Clock
// read-write fields
mu xsync.Mutex
@@ -397,13 +386,6 @@ func (c *Client) internalPoolGet(ctx context.Context, opts ...getOption) (s *ses
})
if s != nil {
- if c.nodeChecker != nil && !c.nodeChecker.HasNode(s.NodeID()) {
- _ = s.Close(ctx)
- s = nil
-
- continue
- }
-
return s, nil
}
@@ -540,10 +522,6 @@ func (c *Client) internalPoolWaitFromCh(ctx context.Context, t *trace.Table) (s
// errClosedClient.
// If Client is overflow calls s.Close(ctx) and returns
// errSessionPoolOverflow.
-//
-// Note that Put() must be called only once after being created or received by
-// Get() or Take() calls. In other way it will produce unexpected behavior or
-// panic.
func (c *Client) Put(ctx context.Context, s *session) (err error) {
onDone := trace.TableOnPoolPut(c.config.Trace(), &ctx,
stack.FunctionID("github.com/ydb-platform/ydb-go-sdk/3/internal/table.(*Client).Put"),
@@ -569,9 +547,6 @@ func (c *Client) Put(ctx context.Context, s *session) (err error) {
case s.isClosed():
return xerrors.WithStackTrace(errSessionClosed)
- case c.nodeChecker != nil && !c.nodeChecker.HasNode(s.NodeID()):
- return xerrors.WithStackTrace(errNodeIsNotObservable)
-
default:
c.mu.Lock()
defer c.mu.Unlock()
diff --git a/internal/table/client_test.go b/internal/table/client_test.go
index 82b7eb6af..0922154c3 100644
--- a/internal/table/client_test.go
+++ b/internal/table/client_test.go
@@ -868,17 +868,17 @@ type StubBuilder struct {
func newClientWithStubBuilder(
t testing.TB,
- balancer balancer,
+ cc grpc.ClientConnInterface,
stubLimit int,
options ...config.Option,
) *Client {
c := newClient(
context.Background(),
- balancer,
+ cc,
(&StubBuilder{
T: t,
Limit: stubLimit,
- cc: balancer,
+ cc: cc,
}).createSession,
config.New(options...),
)
diff --git a/internal/table/errors.go b/internal/table/errors.go
index 4ba5473f0..df23dfd64 100644
--- a/internal/table/errors.go
+++ b/internal/table/errors.go
@@ -32,9 +32,6 @@ var (
// operation could not be completed.
errNoProgress = xerrors.Wrap(errors.New("no progress"))
- // errNodeIsNotObservable returned by a Client instance to indicate that required node is not observable
- errNodeIsNotObservable = xerrors.Wrap(errors.New("node is not observable"))
-
// errParamsRequired returned by a Client instance to indicate that required params is not defined
errParamsRequired = xerrors.Wrap(errors.New("params required"))
)
diff --git a/internal/xerrors/pessimized_error_test.go b/internal/xerrors/pessimized_error_test.go
deleted file mode 100644
index 403587849..000000000
--- a/internal/xerrors/pessimized_error_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package xerrors
-
-import (
- "context"
- "errors"
- "fmt"
- "testing"
-
- grpcCodes "google.golang.org/grpc/codes"
- grpcStatus "google.golang.org/grpc/status"
-)
-
-func TestMustPessimizeEndpoint(t *testing.T) {
- for _, test := range []struct {
- error error
- pessimize bool
- }{
- {
- error: Transport(grpcStatus.Error(grpcCodes.Canceled, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.Unknown, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.InvalidArgument, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.DeadlineExceeded, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.NotFound, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.AlreadyExists, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.PermissionDenied, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.ResourceExhausted, "")),
- pessimize: false,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.FailedPrecondition, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.Aborted, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.OutOfRange, "")),
- pessimize: false,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.Unimplemented, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.Internal, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.Unavailable, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.DataLoss, "")),
- pessimize: true,
- },
- {
- error: Transport(grpcStatus.Error(grpcCodes.Unauthenticated, "")),
- pessimize: true,
- },
- {
- error: context.Canceled,
- pessimize: false,
- },
- {
- error: context.DeadlineExceeded,
- pessimize: false,
- },
- {
- error: fmt.Errorf("user error"),
- pessimize: false,
- },
- } {
- err := errors.Unwrap(test.error)
- if err == nil {
- err = test.error
- }
- t.Run(err.Error(), func(t *testing.T) {
- pessimize := MustPessimizeEndpoint(test.error)
- if pessimize != test.pessimize {
- t.Errorf("unexpected pessimization status for error `%v`: %t, exp: %t", test.error, pessimize, test.pessimize)
- }
- })
- }
-}
diff --git a/internal/xerrors/transport.go b/internal/xerrors/transport.go
index b66f7735c..1fa8c0858 100644
--- a/internal/xerrors/transport.go
+++ b/internal/xerrors/transport.go
@@ -163,7 +163,7 @@ func Transport(err error, opts ...teOpt) error {
return te
}
-func MustPessimizeEndpoint(err error, codes ...grpcCodes.Code) bool {
+func MustBanConn(err error, codes ...grpcCodes.Code) bool {
switch {
case err == nil:
return false
diff --git a/internal/xerrors/transport_test.go b/internal/xerrors/transport_test.go
index d94aa8ee4..527a24269 100644
--- a/internal/xerrors/transport_test.go
+++ b/internal/xerrors/transport_test.go
@@ -1,6 +1,8 @@
package xerrors
import (
+ "context"
+ "errors"
"fmt"
"testing"
@@ -198,3 +200,98 @@ func TestTransportErrorName(t *testing.T) {
})
}
}
+
+func TestMustBanConn(t *testing.T) {
+ for _, test := range []struct {
+ error error
+ pessimize bool
+ }{
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Canceled, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Unknown, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.InvalidArgument, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.DeadlineExceeded, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.NotFound, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.AlreadyExists, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.PermissionDenied, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.ResourceExhausted, "")),
+ pessimize: false,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.FailedPrecondition, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Aborted, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.OutOfRange, "")),
+ pessimize: false,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Unimplemented, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Internal, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Unavailable, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.DataLoss, "")),
+ pessimize: true,
+ },
+ {
+ error: Transport(grpcStatus.Error(grpcCodes.Unauthenticated, "")),
+ pessimize: true,
+ },
+ {
+ error: context.Canceled,
+ pessimize: false,
+ },
+ {
+ error: context.DeadlineExceeded,
+ pessimize: false,
+ },
+ {
+ error: fmt.Errorf("user error"),
+ pessimize: false,
+ },
+ } {
+ err := errors.Unwrap(test.error)
+ if err == nil {
+ err = test.error
+ }
+ t.Run(err.Error(), func(t *testing.T) {
+ pessimize := MustBanConn(test.error)
+ if pessimize != test.pessimize {
+ t.Errorf("unexpected pessimization status for error `%v`: %t, exp: %t", test.error, pessimize, test.pessimize)
+ }
+ })
+ }
+}
diff --git a/internal/xsync/last_usage_guard_test.go b/internal/xsync/last_usage_guard_test.go
deleted file mode 100644
index 52b390a8d..000000000
--- a/internal/xsync/last_usage_guard_test.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package xsync
-
-import (
- "testing"
- "time"
-
- "github.com/jonboulle/clockwork"
- "github.com/stretchr/testify/require"
-)
-
-func TestLastUsageGuardLock(t *testing.T) {
- t.Run("NowFromLocked", func(t *testing.T) {
- start := time.Unix(0, 0)
- clock := clockwork.NewFakeClockAt(start)
- lu := &lastUsage{
- clock: clock,
- }
- lu.t.Store(&start)
- t1 := lu.Get()
- require.Equal(t, start, t1)
- f := lu.Start()
- clock.Advance(time.Hour)
- t2 := lu.Get()
- require.Equal(t, start.Add(time.Hour), t2)
- clock.Advance(time.Hour)
- f()
- t3 := lu.Get()
- require.Equal(t, start.Add(2*time.Hour), t3)
- clock.Advance(time.Hour)
- t4 := lu.Get()
- require.Equal(t, start.Add(2*time.Hour), t4)
- })
- t.Run("UpdateAfterLastUnlock", func(t *testing.T) {
- start := time.Unix(0, 0)
- clock := clockwork.NewFakeClockAt(start)
- lu := &lastUsage{
- clock: clock,
- }
- lu.t.Store(&start)
- t1 := lu.Get()
- require.Equal(t, start, t1)
- f1 := lu.Start()
- clock.Advance(time.Hour)
- t2 := lu.Get()
- require.Equal(t, start.Add(time.Hour), t2)
- f2 := lu.Start()
- clock.Advance(time.Hour)
- f1()
- f3 := lu.Start()
- clock.Advance(time.Hour)
- t3 := lu.Get()
- require.Equal(t, start.Add(3*time.Hour), t3)
- clock.Advance(time.Hour)
- t4 := lu.Get()
- require.Equal(t, start.Add(4*time.Hour), t4)
- f3()
- t5 := lu.Get()
- require.Equal(t, start.Add(4*time.Hour), t5)
- clock.Advance(time.Hour)
- t6 := lu.Get()
- require.Equal(t, start.Add(5*time.Hour), t6)
- clock.Advance(time.Hour)
- f2()
- t7 := lu.Get()
- require.Equal(t, start.Add(6*time.Hour), t7)
- clock.Advance(time.Hour)
- f2()
- t8 := lu.Get()
- require.Equal(t, start.Add(6*time.Hour), t8)
- })
- t.Run("DeferRelease", func(t *testing.T) {
- start := time.Unix(0, 0)
- clock := clockwork.NewFakeClockAt(start)
- lu := &lastUsage{
- clock: clock,
- }
- lu.t.Store(&start)
-
- func() {
- t1 := lu.Get()
- require.Equal(t, start, t1)
- clock.Advance(time.Hour)
- t2 := lu.Get()
- require.Equal(t, start, t2)
- clock.Advance(time.Hour)
- defer lu.Start()()
- t3 := lu.Get()
- require.Equal(t, start.Add(2*time.Hour), t3)
- clock.Advance(time.Hour)
- t4 := lu.Get()
- require.Equal(t, start.Add(3*time.Hour), t4)
- clock.Advance(time.Hour)
- }()
- clock.Advance(time.Hour)
- t5 := lu.Get()
- require.Equal(t, start.Add(4*time.Hour), t5)
- })
-}
diff --git a/log/driver.go b/log/driver.go
index fb9c8b1a1..8596c8889 100644
--- a/log/driver.go
+++ b/log/driver.go
@@ -337,7 +337,7 @@ func internalDriver(l Logger, d trace.Detailer) trace.Driver { //nolint:gocyclo
)
}
},
- OnConnAllow: func(info trace.DriverConnAllowStartInfo) func(trace.DriverConnAllowDoneInfo) {
+ OnConnUnban: func(info trace.DriverConnUnbanStartInfo) func(trace.DriverConnUnbanDoneInfo) {
if d.Details()&trace.DriverConnEvents == 0 {
return nil
}
@@ -348,7 +348,7 @@ func internalDriver(l Logger, d trace.Detailer) trace.Driver { //nolint:gocyclo
)
start := time.Now()
- return func(info trace.DriverConnAllowDoneInfo) {
+ return func(info trace.DriverConnUnbanDoneInfo) {
l.Log(ctx, "done",
Stringer("endpoint", endpoint),
latencyField(start),
diff --git a/options.go b/options.go
index c4ed15129..d7b56d52d 100644
--- a/options.go
+++ b/options.go
@@ -676,6 +676,6 @@ func withConnPool(pool *conn.Pool) Option {
return func(ctx context.Context, c *Driver) error {
c.pool = pool
- return pool.Take(ctx)
+ return pool.Attach(ctx)
}
}
diff --git a/query/transaction.go b/query/transaction.go
index 877c93296..3a27f2d7c 100644
--- a/query/transaction.go
+++ b/query/transaction.go
@@ -60,10 +60,7 @@ func NoTx() *TransactionControl {
// DefaultTxControl returns default transaction control with serializable read-write isolation mode and auto-commit
func DefaultTxControl() *TransactionControl {
- return TxControl(
- BeginTx(WithSerializableReadWrite()),
- CommitTx(),
- )
+ return NoTx()
}
// SerializableReadWriteTxControl returns transaction control with serializable read-write isolation mode
diff --git a/tests/integration/discovery_test.go b/tests/integration/discovery_test.go
index 511043ebd..1a69ef901 100644
--- a/tests/integration/discovery_test.go
+++ b/tests/integration/discovery_test.go
@@ -10,6 +10,7 @@ import (
"testing"
"time"
+ "github.com/stretchr/testify/require"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"
@@ -26,7 +27,7 @@ func TestDiscovery(t *testing.T) {
var (
userAgent = "connection user agent"
requestType = "connection request type"
- checkMedatada = func(ctx context.Context) {
+ checkMetadata = func(ctx context.Context) {
md, has := metadata.FromOutgoingContext(ctx)
if !has {
t.Fatalf("no medatada")
@@ -78,7 +79,7 @@ func TestDiscovery(t *testing.T) {
invoker grpc.UnaryInvoker,
opts ...grpc.CallOption,
) error {
- checkMedatada(ctx)
+ checkMetadata(ctx)
return invoker(ctx, method, req, reply, cc, opts...)
}),
grpc.WithStreamInterceptor(func(
@@ -89,7 +90,7 @@ func TestDiscovery(t *testing.T) {
streamer grpc.Streamer,
opts ...grpc.CallOption,
) (grpc.ClientStream, error) {
- checkMedatada(ctx)
+ checkMetadata(ctx)
return streamer(ctx, desc, cc, method, opts...)
}),
),
@@ -105,29 +106,13 @@ func TestDiscovery(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- defer func() {
- // cleanup connection
- if e := db.Close(ctx); e != nil {
- t.Fatalf("db close failed: %+v", e)
- }
- }()
- t.Run("discovery.Discover", func(t *testing.T) {
- if endpoints, err := db.Discovery().Discover(ctx); err != nil {
- t.Fatal(err)
- } else {
- t.Log(endpoints)
- }
- t.Run("wait", func(t *testing.T) {
- t.Run("parking", func(t *testing.T) {
- <-parking // wait for parking conn
- t.Run("re-discover", func(t *testing.T) {
- if endpoints, err := db.Discovery().Discover(ctx); err != nil {
- t.Fatal(err)
- } else {
- t.Log(endpoints)
- }
- })
- })
- })
- })
+ endpoints, err := db.Discovery().Discover(ctx)
+ require.NoError(t, err)
+ require.NotEmpty(t, endpoints)
+ <-parking // wait for parking conn
+ endpoints, err = db.Discovery().Discover(ctx)
+ require.NoError(t, err)
+ require.NotEmpty(t, endpoints)
+ err = db.Close(ctx)
+ require.NoError(t, err)
}
diff --git a/tests/slo/README.md b/tests/slo/README.md
index ad5433bbc..701ab95a1 100644
--- a/tests/slo/README.md
+++ b/tests/slo/README.md
@@ -5,7 +5,8 @@ SLO is the type of test where app based on ydb-sdk is tested against falling YDB
### Implementations:
-- `native` - over `./native` driver
+- `native/table` - over `./native` driver using `table` service client
+- `native/query` - over `./native` driver using `query` service client
- `database/sql` - over `./database/sql` driver
- `gorm` - over `gorm` driver
- `xorm` - over `xorm` driver
diff --git a/tests/slo/docker-compose.yaml b/tests/slo/docker-compose.yaml
new file mode 100644
index 000000000..f682072f3
--- /dev/null
+++ b/tests/slo/docker-compose.yaml
@@ -0,0 +1,62 @@
+version: "3"
+services:
+ jaeger:
+ image: jaegertracing/all-in-one:1.51.0
+ ports:
+ - "16686:16686" # Jaeger UI frontend
+ - "4317:4317" # gRPC port for accepts traces in OpenTelemetry OTLP format
+ - "4318:4318" # HTTP port for accepts traces in OpenTelemetry OTLP format
+ environment:
+ - COLLECTOR_OTLP_ENABLED=true
+
+ prometheus:
+ image: prom/prometheus:v2.37.9
+ container_name: prometheus
+ ports:
+ - 9090:9090
+ command:
+ - --config.file=/etc/prometheus/prometheus.yml
+ volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+
+ grafana:
+ image: grafana/grafana:9.5.13
+ depends_on:
+ - prometheus
+ ports:
+ - 3000:3000
+ restart: always
+
+ prometheus-pushgateway:
+ image: prom/pushgateway
+ ports:
+ - 9091:9091
+
+ ydb:
+ # image: cr.yandex/yc/yandex-docker-local-ydb:trunk
+ # image: cr.yandex/yc/yandex-docker-local-ydb:23.1
+ # image: cr.yandex/yc/yandex-docker-local-ydb:stable-22-5
+ # image: cr.yandex/yc/yandex-docker-local-ydb:latest
+ # image: registry.yandex.net/yandex-docker-local-ydb:latest
+ # image: ghcr.io/ydb-platform/local-ydb:nightly
+ image: ydbplatform/local-ydb:24.1
+ hostname: localhost
+ # volumes:
+ # - ./ydb_data:/ydb_data
+ # - ./ydb_certs:/ydb_certs
+ environment:
+ # - "YDB_DEFAULT_LOG_LEVEL=DEBUG"
+ - "GRPC_TLS_PORT=2135"
+ - "GRPC_PORT=2136"
+ - "MON_PORT=8765"
+ - "YDB_USE_IN_MEMORY_PDISKS=true"
+ - "YDB_LOCAL_SURVIVE_RESTART=true"
+ - "POSTGRES_USER=root"
+ - "POSTGRES_PASSWORD=1234"
+ - "YDB_FEATURE_FLAGS=enable_temp_tables"
+ - "YDB_TABLE_ENABLE_PREPARED_DDL=true"
+ ports:
+ - "2135:2135" # TLS
+ - "2136:2136" # Simple
+ - "5432:5432" # Postgres port
+ - "8765:8765" # Monitor
diff --git a/tests/slo/k8s/README.md b/tests/slo/k8s/README.md
new file mode 100644
index 000000000..e426b54bf
--- /dev/null
+++ b/tests/slo/k8s/README.md
@@ -0,0 +1,18 @@
+1) resize colima vm to 8-16 GB
+2) colima ssh
+ - sudo sysctl fs.inotify.max_user_watches=524288
+ - sudo sysctl fs.inotify.max_user_instances=512
+3) kind create cluster --config e2e/kind-cluster-config.yaml -n ydb
+4) docker pull cr.yandex/crptqonuodf51kdj7a7d/ydb:24.1.12
+5) docker pull cr.yandex/yc/ydb-kubernetes-operator:0.5.2
+6) docker tag cr.yandex/yc/ydb-kubernetes-operator:0.5.2 kind/ydb-operator:current
+7) docker pull k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
+7) kind load docker-image kind/ydb-operator:current -n ydb
+8) kind load docker-image cr.yandex/crptqonuodf51kdj7a7d/ydb:24.1.12 -n ydb
+9) kind load docker-image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0 -n ydb
+10) helm -n ydb install --wait ydb-operator deploy/ydb-operator --create-namespace -f ./operator-values.yaml
+11) k apply -f ./storage-block-4-2.yaml
+12) k apply -f ./database.yaml
+13) telepresence helm install
+13) telepresence connect --namespace ydb
+14) docker run -d -p 9091:9091 prom/pushgateway
\ No newline at end of file
diff --git a/tests/slo/k8s/database.yaml b/tests/slo/k8s/database.yaml
new file mode 100644
index 000000000..ed4848223
--- /dev/null
+++ b/tests/slo/k8s/database.yaml
@@ -0,0 +1,15 @@
+apiVersion: ydb.tech/v1alpha1
+kind: Database
+metadata:
+ name: database
+ namespace: ydb
+spec:
+ image:
+ name: cr.yandex/crptqonuodf51kdj7a7d/ydb:24.1.12
+ nodes: 3
+ resources:
+ storageUnits:
+ - count: 1
+ unitKind: ssd
+ storageClusterRef:
+ name: storage
diff --git a/tests/slo/k8s/helm/.helmignore b/tests/slo/k8s/helm/.helmignore
new file mode 100644
index 000000000..691fa13d6
--- /dev/null
+++ b/tests/slo/k8s/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/tests/slo/k8s/helm/Chart.yaml b/tests/slo/k8s/helm/Chart.yaml
new file mode 100644
index 000000000..b98d118e4
--- /dev/null
+++ b/tests/slo/k8s/helm/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ydb-operator
+description: A Helm chart for deploying YDB Kubernetes operator.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.5.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.5.2"
diff --git a/tests/slo/k8s/helm/README.md b/tests/slo/k8s/helm/README.md
new file mode 100644
index 000000000..851d441a9
--- /dev/null
+++ b/tests/slo/k8s/helm/README.md
@@ -0,0 +1,25 @@
+# YDB Kubernetes Operator Helm chart
+
+## Add repo
+
+```console
+helm repo add ydb https://charts.ydb.tech
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+# Helm
+$ helm install [RELEASE_NAME] ydb/operator
+```
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
+
+```console
+helm show values ydb/operator
+```
\ No newline at end of file
diff --git a/tests/slo/k8s/helm/crds/database.yaml b/tests/slo/k8s/helm/crds/database.yaml
new file mode 100644
index 000000000..c07efdad6
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/database.yaml
@@ -0,0 +1,5947 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: databases.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: Database
+ listKind: DatabaseList
+ plural: databases
+ singular: database
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The status of this DB
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Database is the Schema for the databases API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DatabaseSpec defines the desired state of Database
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations that
+ are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that are
+ added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ caBundle:
+ description: User-defined root certificate authority that is added
+ to system trust store of Storage pods on startup.
+ type: string
+ configuration:
+ description: YDB configuration in YAML format. Will be applied on
+ top of generated one in internal/configuration
+ type: string
+ datastreams:
+ description: Datastreams config
+ properties:
+ enabled:
+ type: boolean
+ iam_service_account_key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ domain:
+ default: Root
+ description: '(Optional) Name of the root storage domain Default:
+ Root'
+ maxLength: 63
+ pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?'
+ type: string
+ encryption:
+ description: Encryption configuration
+ properties:
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ pin:
+ type: string
+ required:
+ - enabled
+ type: object
+ image:
+ description: (Optional) YDB Image
+ properties:
+ name:
+ description: 'Container image with supported YDB version. This
+ defaults to the version pinned to the operator and requires
+ a full container and tag/sha name. For example: cr.yandex/crptqonuodf51kdj7a7d/ydb:22.2.22'
+ type: string
+ pullPolicy:
+ description: '(Optional) PullPolicy for the image, which defaults
+ to IfNotPresent. Default: IfNotPresent'
+ type: string
+ pullSecret:
+ description: (Optional) Secret name containing the dockerconfig
+ to use for a registry that requires authentication. The secret
+ must be configured first by the user.
+ type: string
+ type: object
+ initContainers:
+ description: '(Optional) List of initialization containers belonging
+ to the pod. Init containers are executed in order prior to containers
+ being started. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ monitoring:
+ description: '(Optional) Monitoring sets configuration options for
+ YDB observability Default: ""'
+ properties:
+ enabled:
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: RelabelConfig allows dynamic rewriting of the label
+ set, being applied to sample before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It defines
+ `<metric_relabel_configs>`-section of Prometheus configuration.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular expression
+ for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - enabled
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must match a node''s
+ labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodeSets:
+ description: '(Optional) NodeSet inline configuration to split into
+ multiple StatefulSets Default: (not specified)'
+ items:
+ description: DatabaseNodeSetSpecInline describes an group nodes
+ object inside parent object
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations
+ that are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that
+ are added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a
+ no-op). A null preferred scheduling term matches
+ no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range
+ 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an
+ update), the system may or may not try to eventually
+ evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the
+ corresponding podAffinityTerm; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of
+ namespaces that the term applies to. The
+ term is applied to the union of the namespaces
+ selected by this field and the ones listed
+ in the namespaces field. null selector and
+ null or empty namespaces list means "this
+ pod's namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term applies
+ to. The term is applied to the union of
+ the namespaces listed in this field and
+ the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose value
+ of the label with key topologyKey matches
+ that of any node on which any of the selected
+ pods is running. Empty topologyKey is not
+ allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range
+ 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a
+ pod label update), the system may or may not try to
+ eventually evict the pod from its node. When there
+ are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all
+ terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or
+ not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any
+ node on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified
+ namespaces, where co-located is defined as running
+ on a node whose value of the label with key
+ topologyKey matches that of any node on which
+ any of the selected pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the greatest
+ sum of weights, i.e. for each node that meets all
+ of the scheduling requirements (resource request,
+ requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if the
+ node has pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of
+ namespaces that the term applies to. The
+ term is applied to the union of the namespaces
+ selected by this field and the ones listed
+ in the namespaces field. null selector and
+ null or empty namespaces list means "this
+ pod's namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term applies
+ to. The term is applied to the union of
+ the namespaces listed in this field and
+ the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose value
+ of the label with key topologyKey matches
+ that of any node on which any of the selected
+ pods is running. Empty topologyKey is not
+ allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range
+ 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a
+ pod label update), the system may or may not try to
+ eventually evict the pod from its node. When there
+ are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all
+ terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or
+ not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any
+ node on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified
+ namespaces, where co-located is defined as running
+ on a node whose value of the label with key
+ topologyKey matches that of any node on which
+ any of the selected pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for DatabaseNodeSet object
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels for DatabaseNodeSet object
+ type: object
+ name:
+ description: Name of DatabaseNodeSet object
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must
+ be true for the pod to fit on a node. Selector which must
+ match a node''s labels for the pod to be scheduled on that
+ node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodes:
+ description: Number of nodes (pods) in the cluster
+ format: int32
+ type: integer
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ remote:
+ description: (Optional) Object should be reference to RemoteDatabaseNodeSet
+ object
+ properties:
+ cluster:
+ description: Remote cluster to deploy NodeSet into
+ type: string
+ required:
+ - cluster
+ type: object
+ resources:
+ description: (Optional) Database storage and compute resources
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits.
+ Any container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable."
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where
+ this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine
+ guarantees for all main unit parameters: used hard
+ disk type, capacity throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ sharedResources:
+ description: (Optional) Shared resources can be used by serverless
+ databases.
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits.
+ Any container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable."
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where
+ this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine
+ guarantees for all main unit parameters: used hard
+ disk type, capacity throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading
+ will be calculated for the incoming pod. Keys that don't
+ exist in the incoming pod labels will be ignored. A
+ null or empty list means only match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. The global minimum is the minimum number of
+ matching pods in an eligible domain or zero if the number
+ of eligible domains is less than MinDomains. For example,
+ in a 3-zone cluster, MaxSkew is set to 1, and pods with
+ the same labelSelector spread as 2/2/1: In this case,
+ the global minimum is 1. | zone1 | zone2 | zone3 | | P
+ P | P P | P | - if MaxSkew is 1, incoming pod
+ can only be scheduled to zone3 to become 2/2/2; scheduling
+ it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is
+ 2, incoming pod can be scheduled onto any zone. When
+ `whenUnsatisfiable=ScheduleAnyway`, it is used to give
+ higher precedence to topologies that satisfy it. It''s
+ a required field. Default value is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of
+ eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And when
+ the number of eligible domains with matching topology
+ keys equals or greater than minDomains, this value has
+ no effect on scheduling. As a result, when the number
+ of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains
+ is equal to 1. Valid values are integers greater than
+ 0. When value is not nil, WhenUnsatisfiable must be
+ DoNotSchedule. \n For example, in a 3-zone cluster,
+ MaxSkew is set to 2, MinDomains is set to 5 and pods
+ with the same labelSelector spread as 2/2/2: | zone1
+ | zone2 | zone3 | | P P | P P | P P | The number
+ of domains is less than 5(MinDomains), so \"global minimum\"
+ is treated as 0. In this situation, new pod with the
+ same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any
+ of the three zones, it will violate MaxSkew. \n This
+ is a beta field and requires the MinDomainsInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature default
+ enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat
+ node taints when calculating pod topology spread skew.
+ Options are: - Honor: nodes without taints, along with
+ tainted nodes for which the incoming pod has a toleration,
+ are included. - Ignore: node taints are ignored. All
+ nodes are included. \n If this value is nil, the behavior
+ is equivalent to the Ignore policy. This is a beta-level
+ feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values
+ are considered to be in the same topology. We consider
+ each <key, value> as a "bucket", and try to put balanced
+ number of pods into each bucket. We define a domain
+ as a particular instance of a topology. Also, we define
+ an eligible domain as a domain whose nodes meet the
+ requirements of nodeAffinityPolicy and nodeTaintsPolicy.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each
+ Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal
+ with a pod if it doesn''t satisfy the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to
+ schedule it. - ScheduleAnyway tells the scheduler to
+ schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the skew.
+ A constraint is considered "Unsatisfiable" for an incoming
+ pod if and only if every possible node assignment for
+ that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and
+ pods with the same labelSelector spread as 3/1/1: |
+ zone1 | zone2 | zone3 | | P P P | P | P | If
+ WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become
+ 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be
+ imbalanced, but scheduler won''t make it *more* imbalanced.
+ It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ required:
+ - nodes
+ type: object
+ type: array
+ nodes:
+ description: Number of nodes (pods) in the cluster
+ format: int32
+ type: integer
+ operatorSync:
+ default: true
+ description: Enables or disables operator's reconcile loop. `false`
+ means all the Pods are running, but the reconcile is effectively
+ turned off. `true` means the default state of the system, all Pods
+ running, operator reacts to specification change of this Database
+ resource.
+ type: boolean
+ path:
+ description: '(Optional) Custom database path in schemeshard Default:
+ /<spec.domain>/<metadata.name>'
+ maxLength: 255
+ pattern: /[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?(/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?)*
+ type: string
+ pause:
+ default: false
+ description: The state of the Database processes. `true` means all
+ the Database Pods are being killed, but the Database resource is
+ persisted. `false` means the default state of the system, all Pods
+ running.
+ type: boolean
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ resources:
+ description: (Optional) Database storage and compute resources
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits. Any
+ container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees for
+ all main unit parameters: used hard disk type, capacity throughput,
+ IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ secrets:
+ description: 'Secret names that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`'
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ serverlessResources:
+ description: (Optional) If specified, created database will be "serverless".
+ properties:
+ sharedDatabaseRef:
+ description: Reference to YDB Database with configured shared
+ resources
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - sharedDatabaseRef
+ type: object
+ service:
+ description: '(Optional) Storage services parameter overrides Default:
+ (not specified)'
+ properties:
+ datastreams:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ grpc:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ externalHost:
+ type: string
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ interconnect:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ status:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ type: object
+ type: object
+ sharedResources:
+ description: (Optional) Shared resources can be used by serverless
+ databases.
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits. Any
+ container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees for
+ all main unit parameters: used hard disk type, capacity throughput,
+ IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ storageClusterRef:
+ description: YDB Storage cluster reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ storageEndpoint:
+ description: YDB Storage Node broker address
+ type: string
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ version:
+ description: '(Optional) YDBVersion sets the explicit version of the
+ YDB image Default: ""'
+ type: string
+ volumes:
+ description: 'Additional volumes that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
+ Only `hostPath` volume type is supported for now.'
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ \ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver supports
+ dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on the
+ connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be used that way - see
+ the documentation of the driver for more information. \n A
+ pod can use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - nodes
+ - storageClusterRef
+ type: object
+ status:
+ default:
+ state: Pending
+ description: DatabaseStatus defines the observed state of Database
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/databasemonitoring.yaml b/tests/slo/k8s/helm/crds/databasemonitoring.yaml
new file mode 100644
index 000000000..c3212b7b6
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/databasemonitoring.yaml
@@ -0,0 +1,159 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: databasemonitorings.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: DatabaseMonitoring
+ listKind: DatabaseMonitoringList
+ plural: databasemonitorings
+ singular: databasemonitoring
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Monitoring status
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: DatabaseMonitoring is the Schema for the databasemonitorings
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DatabaseMonitoringSpec defines the desired state of DatabaseMonitoring
+ properties:
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional labels that will be added to the
+ ServiceMonitor
+ type: object
+ databaseRef:
+ description: 'NamespacedRef TODO: replace StorageRef'
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - databaseRef
+ type: object
+ status:
+ description: DatabaseMonitoringStatus defines the observed state of DatabaseMonitoring
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/databasenodeset.yaml b/tests/slo/k8s/helm/crds/databasenodeset.yaml
new file mode 100644
index 000000000..2fd020038
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/databasenodeset.yaml
@@ -0,0 +1,4653 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: databasenodesets.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: DatabaseNodeSet
+ listKind: DatabaseNodeSetList
+ plural: databasenodesets
+ singular: databasenodeset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The status of this DatabaseNodeSet
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: DatabaseNodeSet declares StatefulSet parameters for storageRef
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DatabaseNodeSetSpec describes an group nodes of Database
+ object
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations that
+ are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that are
+ added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ caBundle:
+ description: User-defined root certificate authority that is added
+ to system trust store of Storage pods on startup.
+ type: string
+ configuration:
+ description: YDB configuration in YAML format. Will be applied on
+ top of generated one in internal/configuration
+ type: string
+ databaseRef:
+ description: YDB Database namespaced reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ datastreams:
+ description: Datastreams config
+ properties:
+ enabled:
+ type: boolean
+ iam_service_account_key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ domain:
+ default: Root
+ description: '(Optional) Name of the root storage domain Default:
+ Root'
+ maxLength: 63
+ pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?'
+ type: string
+ encryption:
+ description: Encryption configuration
+ properties:
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ pin:
+ type: string
+ required:
+ - enabled
+ type: object
+ image:
+ description: (Optional) YDB Image
+ properties:
+ name:
+ description: 'Container image with supported YDB version. This
+ defaults to the version pinned to the operator and requires
+ a full container and tag/sha name. For example: cr.yandex/crptqonuodf51kdj7a7d/ydb:22.2.22'
+ type: string
+ pullPolicy:
+ description: '(Optional) PullPolicy for the image, which defaults
+ to IfNotPresent. Default: IfNotPresent'
+ type: string
+ pullSecret:
+ description: (Optional) Secret name containing the dockerconfig
+ to use for a registry that requires authentication. The secret
+ must be configured first by the user.
+ type: string
+ type: object
+ initContainers:
+ description: '(Optional) List of initialization containers belonging
+ to the pod. Init containers are executed in order prior to containers
+ being started. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ monitoring:
+ description: '(Optional) Monitoring sets configuration options for
+ YDB observability Default: ""'
+ properties:
+ enabled:
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: RelabelConfig allows dynamic rewriting of the label
+ set, being applied to sample before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It defines
+ `<metric_relabel_configs>`-section of Prometheus configuration.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular expression
+ for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - enabled
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must match a node''s
+ labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodes:
+ description: Number of nodes (pods) in the cluster
+ format: int32
+ type: integer
+ operatorSync:
+ default: true
+ description: Enables or disables operator's reconcile loop. `false`
+ means all the Pods are running, but the reconcile is effectively
+ turned off. `true` means the default state of the system, all Pods
+ running, operator reacts to specification change of this Database
+ resource.
+ type: boolean
+ path:
+ description: '(Optional) Custom database path in schemeshard Default:
+ /<spec.domain>/<metadata.name>'
+ maxLength: 255
+ pattern: /[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?(/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?)*
+ type: string
+ pause:
+ default: false
+ description: The state of the Database processes. `true` means all
+ the Database Pods are being killed, but the Database resource is
+ persisted. `false` means the default state of the system, all Pods
+ running.
+ type: boolean
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ resources:
+ description: (Optional) Database storage and compute resources
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits. Any
+ container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees for
+ all main unit parameters: used hard disk type, capacity throughput,
+ IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ secrets:
+ description: 'Secret names that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`'
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ serverlessResources:
+ description: (Optional) If specified, created database will be "serverless".
+ properties:
+ sharedDatabaseRef:
+ description: Reference to YDB Database with configured shared
+ resources
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - sharedDatabaseRef
+ type: object
+ service:
+ description: '(Optional) Storage services parameter overrides Default:
+ (not specified)'
+ properties:
+ datastreams:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ grpc:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ externalHost:
+ type: string
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ interconnect:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ status:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ type: object
+ type: object
+ sharedResources:
+ description: (Optional) Shared resources can be used by serverless
+ databases.
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits. Any
+ container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees for
+ all main unit parameters: used hard disk type, capacity throughput,
+ IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ storageClusterRef:
+ description: YDB Storage cluster reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ storageEndpoint:
+ description: YDB Storage Node broker address
+ type: string
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ version:
+ description: '(Optional) YDBVersion sets the explicit version of the
+ YDB image Default: ""'
+ type: string
+ volumes:
+ description: 'Additional volumes that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
+ Only `hostPath` volume type is supported for now.'
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ \ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver supports
+ dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on the
+ connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be used that way - see
+ the documentation of the driver for more information. \n A
+ pod can use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - databaseRef
+ - nodes
+ - storageClusterRef
+ type: object
+ status:
+ default:
+ state: Pending
+ description: DatabaseNodeSetStatus defines the observed state
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/remotedatabasenodeset.yaml b/tests/slo/k8s/helm/crds/remotedatabasenodeset.yaml
new file mode 100644
index 000000000..8c193a638
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/remotedatabasenodeset.yaml
@@ -0,0 +1,4749 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: remotedatabasenodesets.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: RemoteDatabaseNodeSet
+ listKind: RemoteDatabaseNodeSetList
+ plural: remotedatabasenodesets
+ singular: remotedatabasenodeset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The status of this RemoteDatabaseNodeSet
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RemoteDatabaseNodeSet declares NodeSet spec and status for objects
+ in remote cluster
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DatabaseNodeSetSpec describes an group nodes of Database
+ object
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations that
+ are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that are
+ added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ caBundle:
+ description: User-defined root certificate authority that is added
+ to system trust store of Storage pods on startup.
+ type: string
+ configuration:
+ description: YDB configuration in YAML format. Will be applied on
+ top of generated one in internal/configuration
+ type: string
+ databaseRef:
+ description: YDB Database namespaced reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ datastreams:
+ description: Datastreams config
+ properties:
+ enabled:
+ type: boolean
+ iam_service_account_key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ domain:
+ default: Root
+ description: '(Optional) Name of the root storage domain Default:
+ Root'
+ maxLength: 63
+ pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?'
+ type: string
+ encryption:
+ description: Encryption configuration
+ properties:
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ pin:
+ type: string
+ required:
+ - enabled
+ type: object
+ image:
+ description: (Optional) YDB Image
+ properties:
+ name:
+ description: 'Container image with supported YDB version. This
+ defaults to the version pinned to the operator and requires
+ a full container and tag/sha name. For example: cr.yandex/crptqonuodf51kdj7a7d/ydb:22.2.22'
+ type: string
+ pullPolicy:
+ description: '(Optional) PullPolicy for the image, which defaults
+ to IfNotPresent. Default: IfNotPresent'
+ type: string
+ pullSecret:
+ description: (Optional) Secret name containing the dockerconfig
+ to use for a registry that requires authentication. The secret
+ must be configured first by the user.
+ type: string
+ type: object
+ initContainers:
+ description: '(Optional) List of initialization containers belonging
+ to the pod. Init containers are executed in order prior to containers
+ being started. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ monitoring:
+ description: '(Optional) Monitoring sets configuration options for
+ YDB observability Default: ""'
+ properties:
+ enabled:
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: RelabelConfig allows dynamic rewriting of the label
+ set, being applied to sample before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It defines
+ `<metric_relabel_configs>`-section of Prometheus configuration.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular expression
+ for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - enabled
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must match a node''s
+ labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodes:
+ description: Number of nodes (pods) in the cluster
+ format: int32
+ type: integer
+ operatorSync:
+ default: true
+ description: Enables or disables operator's reconcile loop. `false`
+ means all the Pods are running, but the reconcile is effectively
+ turned off. `true` means the default state of the system, all Pods
+ running, operator reacts to specification change of this Database
+ resource.
+ type: boolean
+ path:
+ description: '(Optional) Custom database path in schemeshard Default:
+ /<spec.domain>/<metadata.name>'
+ maxLength: 255
+ pattern: /[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?(/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?)*
+ type: string
+ pause:
+ default: false
+ description: The state of the Database processes. `true` means all
+ the Database Pods are being killed, but the Database resource is
+ persisted. `false` means the default state of the system, all Pods
+ running.
+ type: boolean
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ resources:
+ description: (Optional) Database storage and compute resources
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits. Any
+ container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees for
+ all main unit parameters: used hard disk type, capacity throughput,
+ IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ secrets:
+ description: 'Secret names that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`'
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ serverlessResources:
+ description: (Optional) If specified, created database will be "serverless".
+ properties:
+ sharedDatabaseRef:
+ description: Reference to YDB Database with configured shared
+ resources
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - sharedDatabaseRef
+ type: object
+ service:
+ description: '(Optional) Storage services parameter overrides Default:
+ (not specified)'
+ properties:
+ datastreams:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ grpc:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ externalHost:
+ type: string
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ interconnect:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ status:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ type: object
+ type: object
+ sharedResources:
+ description: (Optional) Shared resources can be used by serverless
+ databases.
+ properties:
+ containerResources:
+ description: '(Optional) Database container resource limits. Any
+ container limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ storageUnits:
+ description: 'Kind of the storage unit. Determine guarantees for
+ all main unit parameters: used hard disk type, capacity throughput,
+ IOPS etc.'
+ items:
+ properties:
+ count:
+ description: Number of units in this set.
+ format: int64
+ type: integer
+ unitKind:
+ description: 'Kind of the storage unit. Determine guarantees
+ for all main unit parameters: used hard disk type, capacity
+ throughput, IOPS etc.'
+ type: string
+ required:
+ - count
+ - unitKind
+ type: object
+ type: array
+ type: object
+ storageClusterRef:
+ description: YDB Storage cluster reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ storageEndpoint:
+ description: YDB Storage Node broker address
+ type: string
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ version:
+ description: '(Optional) YDBVersion sets the explicit version of the
+ YDB image Default: ""'
+ type: string
+ volumes:
+ description: 'Additional volumes that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
+ Only `hostPath` volume type is supported for now.'
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ \ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver supports
+ dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on the
+ connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be used that way - see
+ the documentation of the driver for more information. \n A
+ pod can use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - databaseRef
+ - nodes
+ - storageClusterRef
+ type: object
+ status:
+ default:
+ state: Pending
+ description: DatabaseNodeSetStatus defines the observed state
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ remoteResources:
+ items:
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource. --- This struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example, \n \ttype FooStatus struct{
+ \t // Represents the observations of a foo's current
+ state. \t // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type
+ \t // +patchStrategy=merge \t // +listType=map \t
+ \ // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other
+ fields \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should
+ be when the underlying condition changed. If that is
+ not known, then using the time when the API field changed
+ is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance,
+ if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the
+ current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier
+ indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected
+ values and meanings for this field, and whether the
+ values are considered a guaranteed API. The value should
+ be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across
+ resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability
+ to deconflict is important. The regex it matches is
+ (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ state:
+ type: string
+ version:
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ - state
+ - version
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/remotestoragenodeset.yaml b/tests/slo/k8s/helm/crds/remotestoragenodeset.yaml
new file mode 100644
index 000000000..78bcae7d1
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/remotestoragenodeset.yaml
@@ -0,0 +1,4683 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: remotestoragenodesets.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: RemoteStorageNodeSet
+ listKind: RemoteStorageNodeSetList
+ plural: remotestoragenodesets
+ singular: remotestoragenodeset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The status of this RemoteStorageNodeSet
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RemoteStorageNodeSet declares NodeSet spec and status for objects
+ in remote cluster
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: StorageNodeSetSpec describes an group nodes of Storage object
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations that
+ are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that are
+ added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ caBundle:
+ description: User-defined root certificate authority that is added
+ to system trust store of Storage pods on startup.
+ type: string
+ configuration:
+ description: YDB configuration in YAML format. Will be applied on
+ top of generated one in internal/configuration
+ type: string
+ dataStore:
+ description: (Optional) Where cluster data should be kept
+ items:
+ description: PersistentVolumeClaimSpec describes the common attributes
+ of storage devices and allows a Source for provider-specific attributes
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature gate is
+ enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when
+ dataSourceRef.namespace is not specified. If the namespace
+ is specified, then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which
+ to populate the volume with data, if a non-empty volume is
+ desired. This may be any object from a non-empty API group
+ (non core object) or a PersistentVolumeClaim object. When
+ this field is specified, volume binding will only succeed
+ if the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field will replace
+ the functionality of the dataSource field and as such if both
+ fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn''t specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty and the
+ other is non-empty. When namespace is specified in dataSourceRef,
+ dataSource isn''t set to the same value and must be empty.
+ There are three important differences between dataSource and
+ dataSourceRef: * While dataSource only allows two specific
+ types of objects, dataSourceRef allows any non-core object,
+ as well as PersistentVolumeClaim objects. * While dataSource
+ ignores disallowed values (dropping them), dataSourceRef preserves
+ all values, and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this field
+ requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource being
+ referenced Note that when a namespace is specified, a
+ gateway.networking.k8s.io/ReferenceGrant object is required
+ in the referent namespace to allow that namespace's owner
+ to accept the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources the
+ volume should have. If RecoverVolumeExpansionFailure feature
+ is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher
+ than capacity recorded in the status field of the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required
+ by the claim. Value of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ type: array
+ domain:
+ default: Root
+ description: '(Optional) Name of the root storage domain Default:
+ root'
+ maxLength: 63
+ pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?'
+ type: string
+ erasure:
+ default: block-4-2
+ description: Data storage topology mode For details, see https://ydb.tech/docs/en/cluster/topology
+ FIXME mirror-3-dc is only supported with external configuration
+ enum:
+ - mirror-3-dc
+ - block-4-2
+ - none
+ type: string
+ hostNetwork:
+ description: '(Optional) Whether host network should be enabled. Default:
+ false'
+ type: boolean
+ image:
+ description: (Optional) Container image information
+ properties:
+ name:
+ description: 'Container image with supported YDB version. This
+ defaults to the version pinned to the operator and requires
+ a full container and tag/sha name. For example: cr.yandex/crptqonuodf51kdj7a7d/ydb:22.2.22'
+ type: string
+ pullPolicy:
+ description: '(Optional) PullPolicy for the image, which defaults
+ to IfNotPresent. Default: IfNotPresent'
+ type: string
+ pullSecret:
+ description: (Optional) Secret name containing the dockerconfig
+ to use for a registry that requires authentication. The secret
+ must be configured first by the user.
+ type: string
+ type: object
+ initContainers:
+ description: '(Optional) List of initialization containers belonging
+ to the pod. Init containers are executed in order prior to containers
+ being started. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ monitoring:
+ description: '(Optional) Monitoring sets configuration options for
+ YDB observability Default: ""'
+ properties:
+ enabled:
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: RelabelConfig allows dynamic rewriting of the label
+ set, being applied to sample before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It defines
+ `<metric_relabel_configs>`-section of Prometheus configuration.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular expression
+ for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - enabled
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must match a node''s
+ labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodes:
+ description: Number of nodes (pods)
+ format: int32
+ type: integer
+ operatorSync:
+ default: true
+ description: Enables or disables operator's reconcile loop. `false`
+ means all the Pods are running, but the reconcile is effectively
+ turned off. `true` means the default state of the system, all Pods
+ running, operator reacts to specification change of this Storage
+ resource.
+ type: boolean
+ pause:
+ default: false
+ description: The state of the Storage processes. `true` means all
+ the Storage Pods are being killed, but the Storage resource is persisted.
+ `false` means the default state of the system, all Pods running.
+ type: boolean
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ resources:
+ description: '(Optional) Container resource limits. Any container
+ limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in
+ spec.resourceClaims, that are used by this container. \n This
+ is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ secrets:
+ description: 'Secret names that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`'
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ service:
+ description: '(Optional) Storage services parameter overrides Default:
+ (not specified)'
+ properties:
+ grpc:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ externalHost:
+ type: string
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ interconnect:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ status:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ type: object
+ type: object
+ storageRef:
+ description: YDB Storage reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ version:
+ description: '(Optional) YDBVersion sets the explicit version of the
+ YDB image Default: ""'
+ type: string
+ volumes:
+ description: 'Additional volumes that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
+ Only `hostPath` volume type is supported for now.'
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ \ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver supports
+ dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on the
+ connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be used that way - see
+ the documentation of the driver for more information. \n A
+ pod can use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - erasure
+ - nodes
+ - storageRef
+ type: object
+ status:
+ default:
+ state: Pending
+ description: DatabaseNodeSetStatus defines the observed state
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ remoteResources:
+ items:
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource. --- This struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example, \n \ttype FooStatus struct{
+ \t // Represents the observations of a foo's current
+ state. \t // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type
+ \t // +patchStrategy=merge \t // +listType=map \t
+ \ // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other
+ fields \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should
+ be when the underlying condition changed. If that is
+ not known, then using the time when the API field changed
+ is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance,
+ if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the
+ current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier
+ indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected
+ values and meanings for this field, and whether the
+ values are considered a guaranteed API. The value should
+ be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across
+ resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability
+ to deconflict is important. The regex it matches is
+ (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ group:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ state:
+ type: string
+ version:
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ - state
+ - version
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/storage.yaml b/tests/slo/k8s/helm/crds/storage.yaml
new file mode 100644
index 000000000..7cde1a939
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/storage.yaml
@@ -0,0 +1,7029 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: storages.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: Storage
+ listKind: StorageList
+ plural: storages
+ singular: storage
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The status of this DB
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Storage is the Schema for the Storages API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: StorageSpec defines the desired state of Storage
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations that
+ are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that are
+ added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ caBundle:
+ description: User-defined root certificate authority that is added
+ to system trust store of Storage pods on startup.
+ type: string
+ configuration:
+ description: YDB configuration in YAML format. Will be applied on
+ top of generated one in internal/configuration
+ type: string
+ dataStore:
+ description: (Optional) Where cluster data should be kept
+ items:
+ description: PersistentVolumeClaimSpec describes the common attributes
+ of storage devices and allows a Source for provider-specific attributes
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature gate is
+ enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when
+ dataSourceRef.namespace is not specified. If the namespace
+ is specified, then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which
+ to populate the volume with data, if a non-empty volume is
+ desired. This may be any object from a non-empty API group
+ (non core object) or a PersistentVolumeClaim object. When
+ this field is specified, volume binding will only succeed
+ if the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field will replace
+ the functionality of the dataSource field and as such if both
+ fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn''t specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty and the
+ other is non-empty. When namespace is specified in dataSourceRef,
+ dataSource isn''t set to the same value and must be empty.
+ There are three important differences between dataSource and
+ dataSourceRef: * While dataSource only allows two specific
+ types of objects, dataSourceRef allows any non-core object,
+ as well as PersistentVolumeClaim objects. * While dataSource
+ ignores disallowed values (dropping them), dataSourceRef preserves
+ all values, and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this field
+ requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource being
+ referenced Note that when a namespace is specified, a
+ gateway.networking.k8s.io/ReferenceGrant object is required
+ in the referent namespace to allow that namespace's owner
+ to accept the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources the
+ volume should have. If RecoverVolumeExpansionFailure feature
+ is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher
+ than capacity recorded in the status field of the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required
+ by the claim. Value of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ type: array
+ domain:
+ default: Root
+ description: '(Optional) Name of the root storage domain Default:
+ root'
+ maxLength: 63
+ pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?'
+ type: string
+ erasure:
+ default: block-4-2
+ description: Data storage topology mode For details, see https://ydb.tech/docs/en/cluster/topology
+ FIXME mirror-3-dc is only supported with external configuration
+ enum:
+ - mirror-3-dc
+ - block-4-2
+ - none
+ type: string
+ hostNetwork:
+ description: '(Optional) Whether host network should be enabled. Default:
+ false'
+ type: boolean
+ image:
+ description: (Optional) Container image information
+ properties:
+ name:
+ description: 'Container image with supported YDB version. This
+ defaults to the version pinned to the operator and requires
+ a full container and tag/sha name. For example: cr.yandex/crptqonuodf51kdj7a7d/ydb:22.2.22'
+ type: string
+ pullPolicy:
+ description: '(Optional) PullPolicy for the image, which defaults
+ to IfNotPresent. Default: IfNotPresent'
+ type: string
+ pullSecret:
+ description: (Optional) Secret name containing the dockerconfig
+ to use for a registry that requires authentication. The secret
+ must be configured first by the user.
+ type: string
+ type: object
+ initContainers:
+ description: '(Optional) List of initialization containers belonging
+ to the pod. Init containers are executed in order prior to containers
+ being started. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ initJob:
+ description: '(Optional) Init blobstorage Job settings Default: (not
+ specified)'
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations
+ that are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that
+ are added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must
+ be true for the pod to fit on a node. Selector which must match
+ a node''s labels for the pod to be scheduled on that node. More
+ info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ resources:
+ description: '(Optional) Container resource limits. Any container
+ limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ monitoring:
+ description: '(Optional) Monitoring sets configuration options for
+ YDB observability Default: ""'
+ properties:
+ enabled:
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: RelabelConfig allows dynamic rewriting of the label
+ set, being applied to sample before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It defines
+ `<metric_relabel_configs>`-section of Prometheus configuration.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular expression
+ for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - enabled
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must match a node''s
+ labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodeSets:
+ description: '(Optional) NodeSet inline configuration to split into
+ multiple StatefulSets Default: (not specified)'
+ items:
+ description: StorageNodeSetSpecInline describes an group nodes object
+ inside parent object
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations
+ that are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that
+ are added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a
+ no-op). A null preferred scheduling term matches
+ no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range
+ 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an
+ update), the system may or may not try to eventually
+ evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. If
+ the operator is Gt or Lt, the values
+ array must have a single element,
+ which will be interpreted as an integer.
+ This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the
+ corresponding podAffinityTerm; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of
+ namespaces that the term applies to. The
+ term is applied to the union of the namespaces
+ selected by this field and the ones listed
+ in the namespaces field. null selector and
+ null or empty namespaces list means "this
+ pod's namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term applies
+ to. The term is applied to the union of
+ the namespaces listed in this field and
+ the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose value
+ of the label with key topologyKey matches
+ that of any node on which any of the selected
+ pods is running. Empty topologyKey is not
+ allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range
+ 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a
+ pod label update), the system may or may not try to
+ eventually evict the pod from its node. When there
+ are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all
+ terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or
+ not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any
+ node on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified
+ namespaces, where co-located is defined as running
+ on a node whose value of the label with key
+ topologyKey matches that of any node on which
+ any of the selected pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the greatest
+ sum of weights, i.e. for each node that meets all
+ of the scheduling requirements (resource request,
+ requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if the
+ node has pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of
+ namespaces that the term applies to. The
+ term is applied to the union of the namespaces
+ selected by this field and the ones listed
+ in the namespaces field. null selector and
+ null or empty namespaces list means "this
+ pod's namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term applies
+ to. The term is applied to the union of
+ the namespaces listed in this field and
+ the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose value
+ of the label with key topologyKey matches
+ that of any node on which any of the selected
+ pods is running. Empty topologyKey is not
+ allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range
+ 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a
+ pod label update), the system may or may not try to
+ eventually evict the pod from its node. When there
+ are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all
+ terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or
+ not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key <topologyKey> matches that of any
+ node on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a
+ key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified
+ namespaces, where co-located is defined as running
+ on a node whose value of the label with key
+ topologyKey matches that of any node on which
+ any of the selected pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for StorageNodeSet object
+ type: object
+ dataStore:
+ description: (Optional) Where cluster data should be kept
+ items:
+ description: PersistentVolumeClaimSpec describes the common
+ attributes of storage devices and allows a Source for provider-specific
+ attributes
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified
+ data source, it will create a new volume based on the
+ contents of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef contents
+ will be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified, then
+ dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the dataSource
+ field and as such if both fields are non-empty, they
+ must have the same value. For backwards compatibility,
+ when namespace isn''t specified in dataSourceRef, both
+ fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty
+ and the other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the same
+ value and must be empty. There are three important differences
+ between dataSource and dataSourceRef: * While dataSource
+ only allows two specific types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all values,
+ and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this
+ field requires the AnyVolumeDataSource feature gate
+ to be enabled. (Alpha) Using the namespace field of
+ dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant object
+ is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the
+ ReferenceGrant documentation for details. (Alpha)
+ This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used by
+ this container. \n This is an alpha field and requires
+ enabling the DynamicResourceAllocation feature gate.
+ \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the Pod
+ where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to
+ consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: array
+ hostNetwork:
+ description: '(Optional) Whether host network should be enabled.
+ Default: false'
+ type: boolean
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels for StorageNodeSet object
+ type: object
+ name:
+ description: Name of StorageNodeSet object
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must
+ be true for the pod to fit on a node. Selector which must
+ match a node''s labels for the pod to be scheduled on that
+ node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodes:
+ description: Number of nodes (pods)
+ format: int32
+ type: integer
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ remote:
+ description: (Optional) Object should be reference to RemoteStorageNodeSet
+ object
+ properties:
+ cluster:
+ description: Remote cluster to deploy NodeSet into
+ type: string
+ required:
+ - cluster
+ type: object
+ resources:
+ description: '(Optional) Container resource limits. Any container
+ limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple <key,value,effect> using
+ the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading
+ will be calculated for the incoming pod. Keys that don't
+ exist in the incoming pod labels will be ignored. A
+ null or empty list means only match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. The global minimum is the minimum number of
+ matching pods in an eligible domain or zero if the number
+ of eligible domains is less than MinDomains. For example,
+ in a 3-zone cluster, MaxSkew is set to 1, and pods with
+ the same labelSelector spread as 2/2/1: In this case,
+ the global minimum is 1. | zone1 | zone2 | zone3 | | P
+ P | P P | P | - if MaxSkew is 1, incoming pod
+ can only be scheduled to zone3 to become 2/2/2; scheduling
+ it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is
+ 2, incoming pod can be scheduled onto any zone. When
+ `whenUnsatisfiable=ScheduleAnyway`, it is used to give
+ higher precedence to topologies that satisfy it. It''s
+ a required field. Default value is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of
+ eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And when
+ the number of eligible domains with matching topology
+ keys equals or greater than minDomains, this value has
+ no effect on scheduling. As a result, when the number
+ of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains
+ is equal to 1. Valid values are integers greater than
+ 0. When value is not nil, WhenUnsatisfiable must be
+ DoNotSchedule. \n For example, in a 3-zone cluster,
+ MaxSkew is set to 2, MinDomains is set to 5 and pods
+ with the same labelSelector spread as 2/2/2: | zone1
+ | zone2 | zone3 | | P P | P P | P P | The number
+ of domains is less than 5(MinDomains), so \"global minimum\"
+ is treated as 0. In this situation, new pod with the
+ same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any
+ of the three zones, it will violate MaxSkew. \n This
+ is a beta field and requires the MinDomainsInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature default
+ enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat
+ node taints when calculating pod topology spread skew.
+ Options are: - Honor: nodes without taints, along with
+ tainted nodes for which the incoming pod has a toleration,
+ are included. - Ignore: node taints are ignored. All
+ nodes are included. \n If this value is nil, the behavior
+ is equivalent to the Ignore policy. This is a beta-level
+ feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values
+ are considered to be in the same topology. We consider
+ each <key, value> as a "bucket", and try to put balanced
+ number of pods into each bucket. We define a domain
+ as a particular instance of a topology. Also, we define
+ an eligible domain as a domain whose nodes meet the
+ requirements of nodeAffinityPolicy and nodeTaintsPolicy.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each
+ Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal
+ with a pod if it doesn''t satisfy the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to
+ schedule it. - ScheduleAnyway tells the scheduler to
+ schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the skew.
+ A constraint is considered "Unsatisfiable" for an incoming
+ pod if and only if every possible node assignment for
+ that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and
+ pods with the same labelSelector spread as 3/1/1: |
+ zone1 | zone2 | zone3 | | P P P | P | P | If
+ WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become
+ 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be
+ imbalanced, but scheduler won''t make it *more* imbalanced.
+ It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - nodes
+ type: object
+ type: array
+ nodes:
+ description: Number of nodes (pods)
+ format: int32
+ type: integer
+ operatorConnection:
+ description: '(Optional) Operator connection settings Default: (not
+ specified)'
+ properties:
+ accessToken:
+ properties:
+ secretKeyRef:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - secretKeyRef
+ type: object
+ staticCredentials:
+ properties:
+ password:
+ properties:
+ secretKeyRef:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - secretKeyRef
+ type: object
+ username:
+ type: string
+ required:
+ - username
+ type: object
+ type: object
+ operatorSync:
+ default: true
+ description: Enables or disables operator's reconcile loop. `false`
+ means all the Pods are running, but the reconcile is effectively
+ turned off. `true` means the default state of the system, all Pods
+ running, operator reacts to specification change of this Storage
+ resource.
+ type: boolean
+ pause:
+ default: false
+ description: The state of the Storage processes. `true` means all
+ the Storage Pods are being killed, but the Storage resource is persisted.
+ `false` means the default state of the system, all Pods running.
+ type: boolean
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ resources:
+ description: '(Optional) Container resource limits. Any container
+ limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in
+ spec.resourceClaims, that are used by this container. \n This
+ is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ secrets:
+ description: 'Secret names that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`'
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ service:
+ description: '(Optional) Storage services parameter overrides Default:
+ (not specified)'
+ properties:
+ grpc:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ externalHost:
+ type: string
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ interconnect:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ status:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ type: object
+ type: object
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ version:
+ description: '(Optional) YDBVersion sets the explicit version of the
+ YDB image Default: ""'
+ type: string
+ volumes:
+ description: 'Additional volumes that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
+ Only `hostPath` volume type is supported for now.'
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ \ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver supports
+ dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on the
+ connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be used that way - see
+ the documentation of the driver for more information. \n A
+ pod can use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - erasure
+ - nodes
+ type: object
+ status:
+ default:
+ state: Pending
+ description: StorageStatus defines the observed state of Storage
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/storagemonitoring.yaml b/tests/slo/k8s/helm/crds/storagemonitoring.yaml
new file mode 100644
index 000000000..4d37c632c
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/storagemonitoring.yaml
@@ -0,0 +1,158 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: storagemonitorings.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: StorageMonitoring
+ listKind: StorageMonitoringList
+ plural: storagemonitorings
+ singular: storagemonitoring
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Monitoring status
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: StorageMonitoring is the Schema for the storagemonitorings API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: StorageMonitoringSpec defines the desired state of StorageMonitoring
+ properties:
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional labels that will be added to the
+ ServiceMonitor
+ type: object
+ storageRef:
+ description: 'NamespacedRef TODO: replace StorageRef'
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - storageRef
+ type: object
+ status:
+ description: StorageMonitoringStatus defines the observed state of StorageMonitoring
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/crds/storagenodeset.yaml b/tests/slo/k8s/helm/crds/storagenodeset.yaml
new file mode 100644
index 000000000..c2365985d
--- /dev/null
+++ b/tests/slo/k8s/helm/crds/storagenodeset.yaml
@@ -0,0 +1,4587 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: storagenodesets.ydb.tech
+spec:
+ group: ydb.tech
+ names:
+ kind: StorageNodeSet
+ listKind: StorageNodeSetList
+ plural: storagenodesets
+ singular: storagenodeset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The status of this StorageNodeSet
+ jsonPath: .status.state
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: StorageNodeSet declares StatefulSet parameters
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: StorageNodeSetSpec describes an group nodes of Storage object
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource annotations that
+ are added to all resources
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ description: (Optional) Additional custom resource labels that are
+ added to all resources
+ type: object
+ affinity:
+ description: (Optional) If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ caBundle:
+ description: User-defined root certificate authority that is added
+ to system trust store of Storage pods on startup.
+ type: string
+ configuration:
+ description: YDB configuration in YAML format. Will be applied on
+ top of generated one in internal/configuration
+ type: string
+ dataStore:
+ description: (Optional) Where cluster data should be kept
+ items:
+ description: PersistentVolumeClaimSpec describes the common attributes
+ of storage devices and allows a Source for provider-specific attributes
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature gate is
+ enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when
+ dataSourceRef.namespace is not specified. If the namespace
+ is specified, then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which
+ to populate the volume with data, if a non-empty volume is
+ desired. This may be any object from a non-empty API group
+ (non core object) or a PersistentVolumeClaim object. When
+ this field is specified, volume binding will only succeed
+ if the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field will replace
+ the functionality of the dataSource field and as such if both
+ fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn''t specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty and the
+ other is non-empty. When namespace is specified in dataSourceRef,
+ dataSource isn''t set to the same value and must be empty.
+ There are three important differences between dataSource and
+ dataSourceRef: * While dataSource only allows two specific
+ types of objects, dataSourceRef allows any non-core object,
+ as well as PersistentVolumeClaim objects. * While dataSource
+ ignores disallowed values (dropping them), dataSourceRef preserves
+ all values, and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this field
+ requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource being
+ referenced Note that when a namespace is specified, a
+ gateway.networking.k8s.io/ReferenceGrant object is required
+ in the referent namespace to allow that namespace's owner
+ to accept the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources the
+ volume should have. If RecoverVolumeExpansionFailure feature
+ is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher
+ than capacity recorded in the status field of the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required
+ by the claim. Value of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ type: array
+ domain:
+ default: Root
+ description: '(Optional) Name of the root storage domain Default:
+ root'
+ maxLength: 63
+ pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?'
+ type: string
+ erasure:
+ default: block-4-2
+ description: Data storage topology mode For details, see https://ydb.tech/docs/en/cluster/topology
+ FIXME mirror-3-dc is only supported with external configuration
+ enum:
+ - mirror-3-dc
+ - block-4-2
+ - none
+ type: string
+ hostNetwork:
+ description: '(Optional) Whether host network should be enabled. Default:
+ false'
+ type: boolean
+ image:
+ description: (Optional) Container image information
+ properties:
+ name:
+ description: 'Container image with supported YDB version. This
+ defaults to the version pinned to the operator and requires
+ a full container and tag/sha name. For example: cr.yandex/crptqonuodf51kdj7a7d/ydb:22.2.22'
+ type: string
+ pullPolicy:
+ description: '(Optional) PullPolicy for the image, which defaults
+ to IfNotPresent. Default: IfNotPresent'
+ type: string
+ pullSecret:
+ description: (Optional) Secret name containing the dockerconfig
+ to use for a registry that requires authentication. The secret
+ must be configured first by the user.
+ type: string
+ type: object
+ initContainers:
+ description: '(Optional) List of initialization containers belonging
+ to the pod. Init containers are executed in order prior to containers
+ being started. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ monitoring:
+ description: '(Optional) Monitoring sets configuration options for
+ YDB observability Default: ""'
+ properties:
+ enabled:
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped
+ type: string
+ metricRelabelings:
+ description: RelabelConfig allows dynamic rewriting of the label
+ set, being applied to sample before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It defines
+ `<metric_relabel_configs>`-section of Prometheus configuration.
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ description: Action to perform based on regex matching.
+ Default is 'replace'
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular expression
+ for the replace, keep, and drop actions.
+ items:
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - enabled
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: '(Optional) NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must match a node''s
+ labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ nodes:
+ description: Number of nodes (pods)
+ format: int32
+ type: integer
+ operatorSync:
+ default: true
+ description: Enables or disables operator's reconcile loop. `false`
+ means all the Pods are running, but the reconcile is effectively
+ turned off. `true` means the default state of the system, all Pods
+ running, operator reacts to specification change of this Storage
+ resource.
+ type: boolean
+ pause:
+ default: false
+ description: The state of the Storage processes. `true` means all
+ the Storage Pods are being killed, but the Storage resource is persisted.
+ `false` means the default state of the system, all Pods running.
+ type: boolean
+ priorityClassName:
+ description: (Optional) If specified, the pod's priorityClassName.
+ type: string
+ resources:
+ description: '(Optional) Container resource limits. Any container
+ limits can be specified. Default: (not specified)'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in
+ spec.resourceClaims, that are used by this container. \n This
+ is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ secrets:
+ description: 'Secret names that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`'
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ service:
+ description: '(Optional) Storage services parameter overrides Default:
+ (not specified)'
+ properties:
+ grpc:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ externalHost:
+ type: string
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ interconnect:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ tls:
+ properties:
+ CA:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ certificate:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ enabled:
+ type: boolean
+ key:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - enabled
+ type: object
+ type: object
+ status:
+ properties:
+ additionalAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ additionalLabels:
+ additionalProperties:
+ type: string
+ type: object
+ ipFamilies:
+ items:
+ description: IPFamily represents the IP Family (IPv4 or
+ IPv6). This type is used to express the family of an IP
+ expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness
+ requested or required by a Service
+ type: string
+ type: object
+ type: object
+ storageRef:
+ description: YDB Storage reference
+ properties:
+ name:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ namespace:
+ maxLength: 63
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ required:
+ - name
+ type: object
+ terminationGracePeriodSeconds:
+ description: (Optional) If specified, the pod's terminationGracePeriodSeconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: (Optional) If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: (Optional) If specified, the pod's topologySpreadConstraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ version:
+ description: '(Optional) YDBVersion sets the explicit version of the
+ YDB image Default: ""'
+ type: string
+ volumes:
+ description: 'Additional volumes that will be mounted into the well-known
+ directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
+ Only `hostPath` volume type is supported for now.'
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ \ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver supports
+ dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on the
+ connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be used that way - see
+ the documentation of the driver for more information. \n A
+ pod can use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - erasure
+ - nodes
+ - storageRef
+ type: object
+ status:
+ default:
+ state: Pending
+ description: StorageNodeSetStatus defines the observed state
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n \ttype FooStatus struct{ \t // Represents the observations
+ of a foo's current state. \t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\" \t //
+ +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map
+ \t // +listMapKey=type \t Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields
+ \t}"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/tests/slo/k8s/helm/templates/_helpers.tpl b/tests/slo/k8s/helm/templates/_helpers.tpl
new file mode 100644
index 000000000..013c768a9
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/_helpers.tpl
@@ -0,0 +1,64 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ydb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ydb.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ydb.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ydb.labels" -}}
+helm.sh/chart: {{ include "ydb.chart" . }}
+{{ include "ydb.selectorLabels" . }}
+{{- if or (.Chart.AppVersion) (.Values.image.tag) }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ydb.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ydb.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{/*
+Create webhooks pathPrefix used by service fqdn url
+*/}}
+{{- define "ydb.webhookPathPrefix" -}}
+{{- if .Values.webhook.service.enableDefaultPathPrefix -}}
+{{- printf "/%s/%s" .Release.Namespace ( include "ydb.fullname" . ) -}}
+{{- end }}
+{{- if .Values.webhook.service.customPathPrefix -}}
+{{- .Values.webhook.service.customPathPrefix -}}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/tests/slo/k8s/helm/templates/deployment.yaml b/tests/slo/k8s/helm/templates/deployment.yaml
new file mode 100644
index 000000000..f491ec8cb
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/deployment.yaml
@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ydb.fullname" . }}
+ labels:
+ {{- include "ydb.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "ydb.selectorLabels" . | nindent 6 }}
+ revisionHistoryLimit: 2
+ template:
+ metadata:
+ labels:
+ {{- include "ydb.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 -}}
+ {{- end }}
+ containers:
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ {{- if not .Values.webhook.enabled }}
+ - --disable-webhooks
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - --with-service-monitors=true
+ {{- end }}
+ {{- if .Values.mgmtCluster.enabled }}
+ - --mgmt-cluster-name={{- .Values.mgmtCluster.name }}
+ - --mgmt-cluster-kubeconfig=/mgmt-cluster/kubeconfig
+ {{- end }}
+ command:
+ - /manager
+ image: {{ default "cr.yandex/yc/ydb-kubernetes-operator" .Values.image.repository }}:
+ {{- if eq .Values.image.tag "REPLACED_BY_CHART_APP_VERSION_IF_UNSPECIFIED" -}}
+ {{- .Chart.AppVersion -}}
+ {{- else -}}
+ {{- .Values.image.tag -}}
+ {{- end }}
+ imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: {{ .Values.webhook.service.port }}
+ name: webhook
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- if or .Values.webhook.enabled .Values.mgmtCluster.enabled }}
+ {{- if .Values.webhook.enabled }}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: webhook-tls
+ {{- end }}
+ {{- if .Values.mgmtCluster.enabled }}
+ - mountPath: /mgmt-cluster
+ name: mgmt-cluster-kubeconfig
+ {{- end }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: {{ include "ydb.fullname" . }}
+ terminationGracePeriodSeconds: 10
+ {{- if or .Values.webhook.enabled .Values.mgmtCluster.enabled }}
+ volumes:
+ {{- if .Values.webhook.enabled }}
+ - name: webhook-tls
+ secret:
+ secretName: {{ include "ydb.fullname" . }}-webhook
+ {{- if .Values.webhook.patch.enabled }}
+ items:
+ - key: ca
+ path: ca.crt
+ - key: cert
+ path: tls.crt
+ - key: key
+ path: tls.key
+ {{- end }}
+ {{- end }}
+ {{- if .Values.mgmtCluster.enabled }}
+ - name: mgmt-cluster-kubeconfig
+ secret:
+ secretName: {{ .Values.mgmtCluster.kubeconfig }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
diff --git a/tests/slo/k8s/helm/templates/rbac-operator.yaml b/tests/slo/k8s/helm/templates/rbac-operator.yaml
new file mode 100644
index 000000000..84937fcb9
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/rbac-operator.yaml
@@ -0,0 +1,265 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "ydb.fullname" . }}-operator-leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "ydb.fullname" . }}-operator-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databases
+ - storages
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databases/finalizers
+ - storages/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databases/status
+ - storages/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databasenodesets
+ - remotedatabasenodesets
+ - storagenodesets
+ - remotestoragenodesets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databasenodesets/finalizers
+ - remotedatabasenodesets/finalizers
+ - storagenodesets/finalizers
+ - remotestoragenodesets/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databasenodesets/status
+ - remotedatabasenodesets/status
+ - storagenodesets/status
+ - remotestoragenodesets/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ydb.tech
+ resources:
+ - databasemonitorings
+ - storagemonitorings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "ydb.fullname" . }}-operator-leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ydb.fullname" . }}-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "ydb.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "ydb.fullname" . }}-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ydb.fullname" . }}-operator-manager-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "ydb.fullname" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/tests/slo/k8s/helm/templates/service.yaml b/tests/slo/k8s/helm/templates/service.yaml
new file mode 100644
index 000000000..0e22376b4
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ydb.fullname" . }}
+ labels:
+ {{- include "ydb.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ydb.selectorLabels" . | nindent 4 }}
\ No newline at end of file
diff --git a/tests/slo/k8s/helm/templates/serviceaccount.yaml b/tests/slo/k8s/helm/templates/serviceaccount.yaml
new file mode 100644
index 000000000..c5c1d9db2
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ydb.fullname" . }}
+ labels:
+ {{- include "ydb.labels" . | nindent 4 }}
diff --git a/tests/slo/k8s/helm/templates/servicemonitor.yaml b/tests/slo/k8s/helm/templates/servicemonitor.yaml
new file mode 100644
index 000000000..1cbf05d05
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/servicemonitor.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "ydb.fullname" . }}
+ labels:
+ {{- include "ydb.labels" . | nindent 4 }}
+spec:
+ endpoints:
+ - path: /metrics
+ port: http
+ selector:
+ matchLabels:
+ {{- include "ydb.selectorLabels" . | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/tests/slo/k8s/helm/templates/webhooks/certificate.yaml b/tests/slo/k8s/helm/templates/webhooks/certificate.yaml
new file mode 100644
index 000000000..38f71c25d
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/certificate.yaml
@@ -0,0 +1,57 @@
+{{- if .Values.webhook.certManager.enabled -}}
+{{- if not .Values.webhook.certManager.issuerRef -}}
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "ydb.fullname" . }}-self-signed-issuer
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+---
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "ydb.fullname" . }}-root-cert
+spec:
+ secretName: {{ template "ydb.fullname" . }}-root-cert
+ duration: {{ .Values.webhook.certManager.rootCert.duration | default "43800h0m0s" | quote }}
+ issuerRef:
+ name: {{ template "ydb.fullname" . }}-self-signed-issuer
+ commonName: "ca.webhook.ydb"
+ isCA: true
+---
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "ydb.fullname" . }}-root-issuer
+spec:
+ ca:
+ secretName: {{ template "ydb.fullname" . }}-root-cert
+{{- end }}
+---
+# generate a server certificate for the apiservices to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+spec:
+ secretName: {{ template "ydb.fullname" . }}-webhook
+ duration: {{ .Values.webhook.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
+ issuerRef:
+ {{- if .Values.webhook.certManager.issuerRef }}
+ {{- toYaml .Values.webhook.certManager.issuerRef | nindent 4 }}
+ {{- else }}
+ name: {{ template "ydb.fullname" . }}-root-issuer
+ {{- end }}
+ dnsNames:
+ {{- if .Values.webhook.service.fqdn }}
+ - {{ .Values.webhook.service.fqdn }}
+ {{- end}}
+ - {{ template "ydb.fullname" . }}-webhook
+ - {{ template "ydb.fullname" . }}-webhook.{{ .Release.Namespace }}
+ - {{ template "ydb.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
+{{- end -}}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/clusterrole.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/clusterrole.yaml
new file mode 100644
index 000000000..25215713b
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/clusterrole.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.webhook.enabled (not .Values.webhook.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "ydb.name" . }}-webhook
+ {{- include "ydb.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/clusterrolebinding.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/clusterrolebinding.yaml
new file mode 100644
index 000000000..8baaf0aba
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.webhook.enabled (not .Values.webhook.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ labels: {{ include "ydb.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "ydb.fullname" . }}-webhook
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/job-createSecret.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/job-createSecret.yaml
new file mode 100644
index 000000000..8bee1c9ef
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,64 @@
+{{- if and .Values.webhook.enabled .Values.webhook.patch.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook-create
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "ydb.name" $ }}-webhook-create
+ {{- include "ydb.labels" . | nindent 4 }}
+spec:
+ {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+ {{- end }}
+ template:
+ metadata:
+ name: {{ template "ydb.fullname" . }}-webhook-create
+{{- with .Values.webhook.patch.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "ydb.name" . }}-webhook-create
+{{- include "ydb.labels" . | nindent 8 }}
+ spec:
+ {{- if .Values.webhook.patch.priorityClassName }}
+ priorityClassName: {{ .Values.webhook.patch.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: create
+ {{- if .Values.webhook.patch.image.sha }}
+ image: {{ .Values.webhook.patch.image.repository }}:{{ .Values.webhook.patch.image.tag }}@sha256:{{ .Values.webhook.patch.image.sha }}
+ {{- else }}
+ image: {{ .Values.webhook.patch.image.repository }}:{{ .Values.webhook.patch.image.tag }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.webhook.patch.image.pullPolicy }}
+ args:
+ - create
+ - --host={{ template "ydb.fullname" . }}-webhook,{{ template "ydb.fullname" . }}-webhook.{{ .Release.Namespace }}.svc{{ if .Values.webhook.service.fqdn }},{{ .Values.webhook.service.fqdn }}{{ end }}
+ - --namespace={{ .Release.Namespace }}
+ - --secret-name={{ template "ydb.fullname" . }}-webhook
+ resources:
+{{ toYaml .Values.webhook.patch.resources | indent 12 }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "ydb.fullname" . }}-webhook
+ {{- with .Values.webhook.patch.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.patch.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.patch.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.webhook.patch.securityContext }}
+ securityContext:
+{{ toYaml .Values.webhook.patch.securityContext | indent 8 }}
+{{- end }}
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/job-patchWebhook.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/job-patchWebhook.yaml
new file mode 100644
index 000000000..db8b655c3
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/job-patchWebhook.yaml
@@ -0,0 +1,66 @@
+{{- if and .Values.webhook.enabled .Values.webhook.patch.enabled }}
+{{- if .Values.webhook.patch.injectCA }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook-patch
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "ydb.name" . }}-webhook-patch
+ {{- include "ydb.labels" . | nindent 4 }}
+spec:
+ {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+ {{- end }}
+ template:
+ metadata:
+ name: {{ template "ydb.fullname" . }}-webhook-patch
+{{- with .Values.webhook.patch.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "ydb.name" . }}-webhook-patch
+{{- include "ydb.labels" . | nindent 8 }}
+ spec:
+ {{- if .Values.webhook.patch.priorityClassName }}
+ priorityClassName: {{ .Values.webhook.patch.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: patch
+ {{- if .Values.webhook.patch.image.sha }}
+ image: {{ .Values.webhook.patch.image.repository }}:{{ .Values.webhook.patch.image.tag }}@sha256:{{ .Values.webhook.patch.image.sha }}
+ {{- else }}
+ image: {{ .Values.webhook.patch.image.repository }}:{{ .Values.webhook.patch.image.tag }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.webhook.patch.image.pullPolicy }}
+ args:
+ - patch
+ - --webhook-name={{ template "ydb.fullname" . }}-webhook
+ - --namespace={{ .Release.Namespace }}
+ - --secret-name={{ template "ydb.fullname" . }}-webhook
+ resources:
+{{ toYaml .Values.webhook.patch.resources | indent 12 }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "ydb.fullname" . }}-webhook
+ {{- with .Values.webhook.patch.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.patch.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.patch.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.webhook.patch.securityContext }}
+ securityContext:
+{{ toYaml .Values.webhook.patch.securityContext | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/role.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/role.yaml
new file mode 100644
index 000000000..af09d657c
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/role.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.webhook.enabled (not .Values.webhook.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ labels: {{ include "ydb.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/rolebinding.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/rolebinding.yaml
new file mode 100644
index 000000000..cf0ece6aa
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.webhook.enabled (not .Values.webhook.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ labels: {{ include "ydb.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "ydb.fullname" . }}-webhook
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/job-patch/serviceaccount.yaml b/tests/slo/k8s/helm/templates/webhooks/job-patch/serviceaccount.yaml
new file mode 100644
index 000000000..d77a519a8
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.webhook.enabled (not .Values.webhook.certManager.enabled) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ labels: {{ include "ydb.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/service.yaml b/tests/slo/k8s/helm/templates/webhooks/service.yaml
new file mode 100644
index 000000000..0ad127ecd
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/service.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.webhook.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ydb.fullname" . }}-webhook
+ labels:
+ {{- include "ydb.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.webhook.service.type }}
+ ports:
+ - port: {{ .Values.webhook.service.port }}
+ targetPort: webhook
+ protocol: TCP
+ name: webhook
+ {{- if eq .Values.webhook.service.type "NodePort" }}
+ nodePort: {{ .Values.webhook.service.nodePort }}
+ {{- end }}
+ selector:
+ {{- include "ydb.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/tests/slo/k8s/helm/templates/webhooks/webhooks.yaml b/tests/slo/k8s/helm/templates/webhooks/webhooks.yaml
new file mode 100644
index 000000000..514b41928
--- /dev/null
+++ b/tests/slo/k8s/helm/templates/webhooks/webhooks.yaml
@@ -0,0 +1,184 @@
+{{- if and .Values.webhook.enabled }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ {{- if .Values.webhook.certManager.enabled }}
+ {{- if .Values.webhook.certManager.injectCA }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "ydb.fullname" . }}-webhook
+ {{- end }}
+ {{- end }}
+webhooks:
+ {{- $webhookFqdn := .Values.webhook.service.fqdn -}}
+ {{- $webhookPort := .Values.webhook.service.port -}}
+ {{- if eq .Values.webhook.service.type "NodePort" }}
+ {{- $webhookPort = coalesce .Values.webhook.service.nodePort 9443 -}}
+ {{- end }}
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not (empty $webhookFqdn) }}
+ url: https://{{ $webhookFqdn }}:{{ $webhookPort }}{{ template "ydb.webhookPathPrefix" . }}/validate-ydb-tech-v1alpha1-storage
+ {{- else}}
+ service:
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+ port: {{ $webhookPort }}
+ path: /validate-ydb-tech-v1alpha1-storage
+ {{- end}}
+ failurePolicy: Fail
+ name: validate-storage.ydb.tech
+ rules:
+ - apiGroups:
+ - ydb.tech
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - storages
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not (empty $webhookFqdn) }}
+ url: https://{{ $webhookFqdn }}:{{ $webhookPort }}{{ template "ydb.webhookPathPrefix" . }}/validate-ydb-tech-v1alpha1-database
+ {{- else}}
+ service:
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+ port: {{ $webhookPort }}
+ path: /validate-ydb-tech-v1alpha1-database
+ {{- end}}
+ failurePolicy: Fail
+ name: validate-database.ydb.tech
+ rules:
+ - apiGroups:
+ - ydb.tech
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - databases
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not (empty $webhookFqdn) }}
+ url: https://{{ $webhookFqdn }}:{{ $webhookPort }}{{ template "ydb.webhookPathPrefix" . }}/validate-ydb-tech-v1alpha1-databasemonitoring
+ {{- else}}
+ service:
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+ port: {{ $webhookPort }}
+ path: /validate-ydb-tech-v1alpha1-databasemonitoring
+ {{- end}}
+ failurePolicy: Fail
+ name: validate-databasemonitoring.ydb.tech
+ rules:
+ - apiGroups:
+ - ydb.tech
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ resources:
+ - databasemonitorings
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not (empty $webhookFqdn) }}
+ url: https://{{ $webhookFqdn }}:{{ $webhookPort }}{{ template "ydb.webhookPathPrefix" . }}/validate-ydb-tech-v1alpha1-storagemonitoring
+ {{- else}}
+ service:
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+ port: {{ $webhookPort }}
+ path: /validate-ydb-tech-v1alpha1-storagemonitoring
+ {{- end}}
+ failurePolicy: Fail
+ name: validate-storagemonitoring.ydb.tech
+ rules:
+ - apiGroups:
+ - ydb.tech
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ resources:
+ - storagemonitorings
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "ydb.fullname" . }}-webhook
+ {{- if .Values.webhook.certManager.enabled }}
+ {{- if .Values.webhook.certManager.injectCA }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}{{ template "ydb.webhookPathPrefix" . }}/{{ template "ydb.fullname" . }}-webhook
+ {{- end }}
+ {{- end }}
+webhooks:
+ {{- $webhookFqdn := .Values.webhook.service.fqdn -}}
+ {{- $webhookPort := .Values.webhook.service.port -}}
+ {{- if eq .Values.webhook.service.type "NodePort" }}
+ {{- $webhookPort = coalesce .Values.webhook.service.nodePort 9443 -}}
+ {{- end }}
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not (empty $webhookFqdn) }}
+ url: https://{{ $webhookFqdn }}:{{ $webhookPort }}{{ template "ydb.webhookPathPrefix" . }}/mutate-ydb-tech-v1alpha1-storage
+ {{- else}}
+ service:
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+ port: {{ $webhookPort }}
+ path: /mutate-ydb-tech-v1alpha1-storage
+ {{- end}}
+ failurePolicy: Fail
+ name: mutate-storage.ydb.tech
+ rules:
+ - apiGroups:
+ - ydb.tech
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - storages
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not (empty $webhookFqdn) }}
+ url: https://{{ $webhookFqdn }}:{{ $webhookPort }}{{ template "ydb.webhookPathPrefix" . }}/mutate-ydb-tech-v1alpha1-database
+ {{- else}}
+ service:
+ name: {{ template "ydb.fullname" . }}-webhook
+ namespace: {{ .Release.Namespace }}
+ port: {{ $webhookPort }}
+ path: /mutate-ydb-tech-v1alpha1-database
+ {{- end}}
+ failurePolicy: Fail
+ name: mutate-database.ydb.tech
+ rules:
+ - apiGroups:
+ - ydb.tech
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - databases
+ sideEffects: None
+{{- end }}
diff --git a/tests/slo/k8s/helm/values.yaml b/tests/slo/k8s/helm/values.yaml
new file mode 100644
index 000000000..12cfa6345
--- /dev/null
+++ b/tests/slo/k8s/helm/values.yaml
@@ -0,0 +1,118 @@
+## Docker image configuration
+##
+image:
+ ## Operator container pull policy
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ repository: cr.yandex/yc/ydb-kubernetes-operator
+ tag: "REPLACED_BY_CHART_APP_VERSION_IF_UNSPECIFIED"
+
+## Secrets to use for Docker registry access
+## Secrets must be provided manually.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+## Example:
+## pullSecrets:
+## - myRegistryKeySecretName
+##
+imagePullSecrets: []
+
+nodeSelector: {}
+
+nameOverride: ""
+fullnameOverride: ""
+
+## Resource quotas
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ ## The resource limits for Operator container
+ ## Example:
+ ## limits:
+ ## cpu: 250m
+ ## memory: 512Mi
+ limits: {}
+ ## The requested resources for Operator container
+ ## Example:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 256Mi
+ requests: {}
+
+service:
+ port: 8080
+ type: ClusterIP
+
+metrics:
+ ## Create ServiceMonitor resources
+ ##
+ enabled: false
+
+mgmtCluster:
+ ## Watch resources from mgmtCluster
+ ##
+ enabled: false
+ name: ""
+ ## Define existing kubeconfig Secret name in current namespace
+ kubeconfig: "remote-kubeconfig"
+
+webhook:
+ enabled: true
+
+ service:
+ type: ClusterIP
+ port: 9443
+ ## If type is NodePort:
+ # nodePort: 9443
+ #
+ ## Arbitrary fqdn for WebhookConfiguration instead of a default Service cluster fqdn:
+ # fqdn: example.org
+ #
+ ## PathPrefix for WebhookConfiguration url when fqdn used
+ ## Set variable to true and use default template <namespace>/<release>
+ # enableDefaultPathPrefix: false
+ ## Instead of default template allowed using your own custom pathPrefix
+ # customPathPrefix: "/haha"
+
+
+ ## If patch enabled, then generate a self-signed certificate for service.
+ ## When injectCA is true should inject the webhook configurations with generated caBundle.
+ ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
+ ## certs ahead of time if you wish.
+ ##
+ patch:
+ enabled: true
+ injectCA: true
+ image:
+ repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen
+ tag: v1.0
+ pullPolicy: IfNotPresent
+ resources: {}
+ ## Provide a priority class name to the webhook patching job
+ ##
+ priorityClassName: ""
+ podAnnotations: {}
+ nodeSelector: {}
+ affinity: {}
+ tolerations: []
+
+ ## SecurityContext holds pod-level security attributes and common container settings.
+ ## This defaults to non-root user with uid 2000 and gid 2000. *v1.PodSecurityContext false
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ##
+ securityContext:
+ runAsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 2000
+
+ # Use cert-manager to generate webhook certs
+ certManager:
+ enabled: false
+ injectCA: false
+ # self-signed root certificate
+ rootCert:
+ duration: "" # default is 5y
+ admissionCert:
+ duration: "" # default is 1y
+ # issuerRef:
+ # name: "issuer"
+ # kind: "ClusterIssuer"
diff --git a/tests/slo/k8s/kind-cluster-config.yaml b/tests/slo/k8s/kind-cluster-config.yaml
new file mode 100644
index 000000000..be227cf74
--- /dev/null
+++ b/tests/slo/k8s/kind-cluster-config.yaml
@@ -0,0 +1,32 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+containerdConfigPatches:
+- |-
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ snapshotter = "native"
+nodes:
+- role: control-plane
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
+- role: worker
+ labels:
+ worker: true
diff --git a/tests/slo/k8s/operator-values.yaml b/tests/slo/k8s/operator-values.yaml
new file mode 100644
index 000000000..41c1efe44
--- /dev/null
+++ b/tests/slo/k8s/operator-values.yaml
@@ -0,0 +1,10 @@
+image:
+ repository: kind/ydb-operator
+ tag: current
+ pullPolicy: Never
+
+webhook:
+ enabled: true
+
+ patch:
+ enabled: true
diff --git a/tests/slo/k8s/storage-block-4-2.yaml b/tests/slo/k8s/storage-block-4-2.yaml
new file mode 100644
index 000000000..4829d9a62
--- /dev/null
+++ b/tests/slo/k8s/storage-block-4-2.yaml
@@ -0,0 +1,196 @@
+apiVersion: ydb.tech/v1alpha1
+kind: Storage
+metadata:
+ name: storage
+ namespace: ydb
+spec:
+ dataStore: []
+ image:
+ name: cr.yandex/crptqonuodf51kdj7a7d/ydb:24.1.12
+ nodes: 8
+ erasure: block-4-2
+ configuration: |-
+ actor_system_config:
+ executor:
+ - name: System
+ threads: 1
+ type: BASIC
+ - name: User
+ threads: 1
+ type: BASIC
+ - name: Batch
+ threads: 1
+ type: BASIC
+ - name: IO
+ threads: 1
+ time_per_mailbox_micro_secs: 100
+ type: IO
+ - name: IC
+ spin_threshold: 10
+ threads: 4
+ time_per_mailbox_micro_secs: 100
+ type: BASIC
+ scheduler:
+ progress_threshold: 10000
+ resolution: 256
+ spin_threshold: 0
+ blob_storage_config:
+ service_set:
+ groups:
+ - erasure_species: block-4-2
+ rings:
+ - fail_domains:
+ - vdisk_locations:
+ - node_id: storage-0
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-1
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-2
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-3
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-4
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-5
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-6
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ - vdisk_locations:
+ - node_id: storage-7
+ path: SectorMap:1:4
+ pdisk_category: SSD
+ channel_profile_config:
+ profile:
+ - channel:
+ - erasure_species: block-4-2
+ pdisk_category: 1
+ storage_pool_kind: ssd
+ - erasure_species: block-4-2
+ pdisk_category: 1
+ storage_pool_kind: ssd
+ - erasure_species: block-4-2
+ pdisk_category: 1
+ storage_pool_kind: ssd
+ profile_id: 0
+ domains_config:
+ domain:
+ - name: Root
+ storage_pool_types:
+ - kind: ssd
+ pool_config:
+ box_id: 1
+ erasure_species: block-4-2
+ kind: ssd
+ pdisk_filter:
+ - property:
+ - type: SSD
+ vdisk_kind: Default
+ state_storage:
+ - ring:
+ node:
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ - 6
+ - 7
+ - 8
+ nto_select: 5
+ ssid: 1
+ grpc_config:
+ port: 2135
+ host_configs:
+ - drive:
+ - path: SectorMap:1:4
+ type: SSD
+ host_config_id: 1
+ hosts:
+ - address: ""
+ host: storage-0
+ host_config_id: 1
+ node_id: 1
+ port: 19001
+ walle_location:
+ body: 12340
+ data_center: az-1
+ rack: "0"
+ - address: ""
+ host: storage-1
+ host_config_id: 1
+ node_id: 2
+ port: 19001
+ walle_location:
+ body: 12341
+ data_center: az-1
+ rack: "1"
+ - address: ""
+ host: storage-2
+ host_config_id: 1
+ node_id: 3
+ port: 19001
+ walle_location:
+ body: 12342
+ data_center: az-1
+ rack: "2"
+ - address: ""
+ host: storage-3
+ host_config_id: 1
+ node_id: 4
+ port: 19001
+ walle_location:
+ body: 12343
+ data_center: az-1
+ rack: "3"
+ - address: ""
+ host: storage-4
+ host_config_id: 1
+ node_id: 5
+ port: 19001
+ walle_location:
+ body: 12344
+ data_center: az-1
+ rack: "4"
+ - address: ""
+ host: storage-5
+ host_config_id: 1
+ node_id: 6
+ port: 19001
+ walle_location:
+ body: 12345
+ data_center: az-1
+ rack: "5"
+ - address: ""
+ host: storage-6
+ host_config_id: 1
+ node_id: 7
+ port: 19001
+ walle_location:
+ body: 12346
+ data_center: az-1
+ rack: "6"
+ - address: ""
+ host: storage-7
+ host_config_id: 1
+ node_id: 8
+ port: 19001
+ walle_location:
+ body: 12347
+ data_center: az-1
+ rack: "7"
+ static_erasure: block-4-2
+ table_service_config:
+ sql_version: 1
\ No newline at end of file
diff --git a/tests/slo/native/query/main.go b/tests/slo/native/query/main.go
index 138187877..47d0c32ee 100644
--- a/tests/slo/native/query/main.go
+++ b/tests/slo/native/query/main.go
@@ -3,6 +3,7 @@ package main
import (
"context"
"fmt"
+ "os"
"os/signal"
"sync"
"syscall"
@@ -33,6 +34,12 @@ func main() {
fmt.Println("program started")
defer fmt.Println("program finished")
+ go func() {
+ time.Sleep(time.Duration(cfg.Time+5) * time.Second)
+ fmt.Println("force exit")
+ os.Exit(1)
+ }()
+
ctx, cancel = context.WithTimeout(ctx, time.Duration(cfg.Time)*time.Second)
defer cancel()
diff --git a/tests/slo/prometheus.yml b/tests/slo/prometheus.yml
new file mode 100644
index 000000000..0c8f893aa
--- /dev/null
+++ b/tests/slo/prometheus.yml
@@ -0,0 +1,7 @@
+scrape_configs:
+ - job_name: ydb-go-sdk
+ scrape_interval: 5s
+ static_configs:
+ - targets:
+# - localhost:8000
+ - docker.for.mac.host.internal:8080
\ No newline at end of file
diff --git a/trace/driver.go b/trace/driver.go
index 8cf5dedc3..07e9b5f9c 100644
--- a/trace/driver.go
+++ b/trace/driver.go
@@ -14,74 +14,59 @@ import (
type (
// Driver specified trace of common driver activity.
// gtrace:gen
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
Driver struct {
// Driver runtime events
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnInit func(DriverInitStartInfo) func(DriverInitDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnWith func(DriverWithStartInfo) func(DriverWithDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ OnInit func(DriverInitStartInfo) func(DriverInitDoneInfo)
+ OnWith func(DriverWithStartInfo) func(DriverWithDoneInfo)
OnClose func(DriverCloseStartInfo) func(DriverCloseDoneInfo)
// Pool of connections
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnPoolNew func(DriverConnPoolNewStartInfo) func(DriverConnPoolNewDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ OnPoolNew func(DriverConnPoolNewStartInfo) func(DriverConnPoolNewDoneInfo)
+ OnPoolAttach func(DriverConnPoolAttachStartInfo) func(DriverConnPoolAttachDoneInfo)
+ OnPoolDetach func(DriverConnPoolDetachStartInfo) func(DriverConnPoolDetachDoneInfo)
+
+ // Deprecated
OnPoolRelease func(DriverConnPoolReleaseStartInfo) func(DriverConnPoolReleaseDoneInfo)
// Resolver events
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
OnResolve func(DriverResolveStartInfo) func(DriverResolveDoneInfo)
// Conn events
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnStateChange func(DriverConnStateChangeStartInfo) func(DriverConnStateChangeDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnInvoke func(DriverConnInvokeStartInfo) func(DriverConnInvokeDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnNewStream func(DriverConnNewStreamStartInfo) func(DriverConnNewStreamDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnStreamRecvMsg func(DriverConnStreamRecvMsgStartInfo) func(DriverConnStreamRecvMsgDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnStreamSendMsg func(DriverConnStreamSendMsgStartInfo) func(DriverConnStreamSendMsgDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ OnConnStateChange func(DriverConnStateChangeStartInfo) func(DriverConnStateChangeDoneInfo)
+ OnConnInvoke func(DriverConnInvokeStartInfo) func(DriverConnInvokeDoneInfo)
+ OnConnNewStream func(DriverConnNewStreamStartInfo) func(DriverConnNewStreamDoneInfo)
+ OnConnStreamRecvMsg func(DriverConnStreamRecvMsgStartInfo) func(DriverConnStreamRecvMsgDoneInfo)
+ OnConnStreamSendMsg func(DriverConnStreamSendMsgStartInfo) func(DriverConnStreamSendMsgDoneInfo)
OnConnStreamCloseSend func(DriverConnStreamCloseSendStartInfo) func(DriverConnStreamCloseSendDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnDial func(DriverConnDialStartInfo) func(DriverConnDialDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnBan func(DriverConnBanStartInfo) func(DriverConnBanDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnAllow func(DriverConnAllowStartInfo) func(DriverConnAllowDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnPark func(DriverConnParkStartInfo) func(DriverConnParkDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnConnClose func(DriverConnCloseStartInfo) func(DriverConnCloseDoneInfo)
+ OnConnDial func(DriverConnDialStartInfo) func(DriverConnDialDoneInfo)
+ OnConnBan func(DriverConnBanStartInfo) func(DriverConnBanDoneInfo)
+ OnConnUnban func(DriverConnUnbanStartInfo) func(DriverConnUnbanDoneInfo)
+ OnConnPark func(DriverConnParkStartInfo) func(DriverConnParkDoneInfo)
+ OnConnClose func(DriverConnCloseStartInfo) func(DriverConnCloseDoneInfo)
// Repeater events
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
OnRepeaterWakeUp func(DriverRepeaterWakeUpStartInfo) func(DriverRepeaterWakeUpDoneInfo)
// Balancer events
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnBalancerInit func(DriverBalancerInitStartInfo) func(DriverBalancerInitDoneInfo)
-
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnBalancerClose func(DriverBalancerCloseStartInfo) func(DriverBalancerCloseDoneInfo)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ OnBalancerInit func(DriverBalancerInitStartInfo) func(DriverBalancerInitDoneInfo)
+ OnBalancerClose func(DriverBalancerCloseStartInfo) func(DriverBalancerCloseDoneInfo)
+ OnBalancerGetConn func(
+ DriverBalancerGetConnStartInfo,
+ ) func(
+ DriverBalancerGetConnDoneInfo,
+ )
OnBalancerChooseEndpoint func(
DriverBalancerChooseEndpointStartInfo,
) func(
DriverBalancerChooseEndpointDoneInfo,
)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
OnBalancerClusterDiscoveryAttempt func(
DriverBalancerClusterDiscoveryAttemptStartInfo,
) func(
DriverBalancerClusterDiscoveryAttemptDoneInfo,
)
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- OnBalancerUpdate func(DriverBalancerUpdateStartInfo) func(DriverBalancerUpdateDoneInfo)
+ OnBalancerUpdate func(DriverBalancerUpdateStartInfo) func(DriverBalancerUpdateDoneInfo)
+ OnBalancerMarkConnAsBad func(DriverBalancerMarkConnAsBadStartInfo) func(DriverBalancerMarkConnAsBadDoneInfo)
// Credentials events
OnGetCredentials func(DriverGetCredentialsStartInfo) func(DriverGetCredentialsDoneInfo)
@@ -89,11 +74,9 @@ type (
)
// Method represents rpc method.
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
type Method string
// Name returns the rpc method name.
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func (m Method) Name() (s string) {
_, s = m.Split()
@@ -101,7 +84,6 @@ func (m Method) Name() (s string) {
}
// Service returns the rpc service name.
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func (m Method) Service() (s string) {
s, _ = m.Split()
@@ -109,7 +91,6 @@ func (m Method) Service() (s string) {
}
// Issue declare interface of operation error issues
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
type Issue interface {
GetMessage() string
GetIssueCode() uint32
@@ -117,7 +98,6 @@ type Issue interface {
}
// Split returns service name and method.
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func (m Method) Split() (service, method string) {
i := strings.LastIndex(string(m), "/")
if i == -1 {
@@ -127,15 +107,10 @@ func (m Method) Split() (service, method string) {
return strings.TrimPrefix(string(m[:i]), "/"), string(m[i+1:])
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
type ConnState interface {
fmt.Stringer
-
- IsValid() bool
- Code() int
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
type EndpointInfo interface {
fmt.Stringer
@@ -144,16 +119,9 @@ type EndpointInfo interface {
Location() string
LoadFactor() float32
LastUpdated() time.Time
-
- // Deprecated: LocalDC check "local" by compare endpoint location with discovery "selflocation" field.
- // It work good only if connection url always point to local dc.
- // Will be removed after Oct 2024.
- // Read about versioning policy: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#deprecated
- LocalDC() bool
}
type (
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStateChangeStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -164,21 +132,17 @@ type (
Endpoint EndpointInfo
State ConnState
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStateChangeDoneInfo struct {
State ConnState
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverResolveStartInfo struct {
Call call
Target string
Resolved []string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverResolveDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerUpdateStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -188,14 +152,27 @@ type (
Call call
NeedLocalDC bool
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerUpdateDoneInfo struct {
Endpoints []EndpointInfo
Added []EndpointInfo
Dropped []EndpointInfo
LocalDC string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ DriverBalancerMarkConnAsBadStartInfo struct {
+ // Context make available context in trace callback function.
+ // Pointer to context provide replacement of context in trace callback function.
+ // Warning: concurrent access to pointer on client side must be excluded.
+ // Safe replacement of context are provided only inside callback function
+ Context *context.Context
+ Call call
+
+ Endpoint EndpointInfo
+ Cause error
+ }
+ DriverBalancerMarkConnAsBadDoneInfo struct {
+ Prefer []EndpointInfo
+ Fallback []EndpointInfo
+ }
DriverBalancerClusterDiscoveryAttemptStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -205,33 +182,27 @@ type (
Call call
Address string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerClusterDiscoveryAttemptDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetReadStartInfo struct {
Call call
Address string
Buffer int
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetReadDoneInfo struct {
Received int
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetWriteStartInfo struct {
Call call
Address string
Bytes int
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetWriteDoneInfo struct {
Sent int
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetDialStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -241,20 +212,16 @@ type (
Call call
Address string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetDialDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetCloseStartInfo struct {
Call call
Address string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverNetCloseDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnTakeStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -264,11 +231,9 @@ type (
Call call
Endpoint EndpointInfo
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnTakeDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnDialStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -278,11 +243,9 @@ type (
Call call
Endpoint EndpointInfo
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnDialDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnParkStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -292,11 +255,9 @@ type (
Call call
Endpoint EndpointInfo
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnParkDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnCloseStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -306,11 +267,9 @@ type (
Call call
Endpoint EndpointInfo
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnCloseDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnBanStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -322,12 +281,10 @@ type (
State ConnState
Cause error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnBanDoneInfo struct {
State ConnState
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- DriverConnAllowStartInfo struct {
+ DriverConnUnbanStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
// Warning: concurrent access to pointer on client side must be excluded.
@@ -337,11 +294,9 @@ type (
Endpoint EndpointInfo
State ConnState
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- DriverConnAllowDoneInfo struct {
+ DriverConnUnbanDoneInfo struct {
State ConnState
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnInvokeStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -352,7 +307,6 @@ type (
Endpoint EndpointInfo
Method Method
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnInvokeDoneInfo struct {
Error error
Issues []Issue
@@ -360,7 +314,6 @@ type (
State ConnState
Metadata map[string][]string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnNewStreamStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -371,12 +324,10 @@ type (
Endpoint EndpointInfo
Method Method
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnNewStreamDoneInfo struct {
Error error
State ConnState
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStreamRecvMsgStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -385,11 +336,9 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStreamRecvMsgDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStreamSendMsgStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -398,11 +347,9 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStreamSendMsgDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStreamCloseSendStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -411,11 +358,9 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnStreamCloseSendDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerInitStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -425,11 +370,9 @@ type (
Call call
Name string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerInitDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerDialEntrypointStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -439,11 +382,9 @@ type (
Call call
Address string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerDialEntrypointDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerCloseStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -452,11 +393,9 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerCloseDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerChooseEndpointStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -465,12 +404,22 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverBalancerChooseEndpointDoneInfo struct {
Endpoint EndpointInfo
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ DriverBalancerGetConnStartInfo struct {
+ // Context make available context in trace callback function.
+ // Pointer to context provide replacement of context in trace callback function.
+ // Warning: concurrent access to pointer on client side must be excluded.
+ // Safe replacement of context are provided only inside callback function
+ Context *context.Context
+ Call call
+ }
+ DriverBalancerGetConnDoneInfo struct {
+ Endpoint EndpointInfo
+ Error error
+ }
DriverRepeaterWakeUpStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -481,11 +430,9 @@ type (
Name string
Event string
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverRepeaterWakeUpDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverGetCredentialsStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -494,12 +441,10 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverGetCredentialsDoneInfo struct {
Token string
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverInitStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -511,11 +456,9 @@ type (
Database string
Secure bool
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverInitDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverWithStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -527,11 +470,9 @@ type (
Database string
Secure bool
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverWithDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnPoolNewStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -540,9 +481,7 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
- DriverConnPoolNewDoneInfo struct{}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ DriverConnPoolNewDoneInfo struct{}
DriverConnPoolReleaseStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -551,11 +490,31 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverConnPoolReleaseDoneInfo struct {
Error error
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+ DriverConnPoolAttachStartInfo struct {
+ // Context make available context in trace callback function.
+ // Pointer to context provide replacement of context in trace callback function.
+ // Warning: concurrent access to pointer on client side must be excluded.
+ // Safe replacement of context are provided only inside callback function
+ Context *context.Context
+ Call call
+ }
+ DriverConnPoolAttachDoneInfo struct {
+ Error error
+ }
+ DriverConnPoolDetachStartInfo struct {
+ // Context make available context in trace callback function.
+ // Pointer to context provide replacement of context in trace callback function.
+ // Warning: concurrent access to pointer on client side must be excluded.
+ // Safe replacement of context are provided only inside callback function
+ Context *context.Context
+ Call call
+ }
+ DriverConnPoolDetachDoneInfo struct {
+ Error error
+ }
DriverCloseStartInfo struct {
// Context make available context in trace callback function.
// Pointer to context provide replacement of context in trace callback function.
@@ -564,7 +523,6 @@ type (
Context *context.Context
Call call
}
- // Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
DriverCloseDoneInfo struct {
Error error
}
diff --git a/trace/driver_gtrace.go b/trace/driver_gtrace.go
index 50491225a..ab34dd3ca 100644
--- a/trace/driver_gtrace.go
+++ b/trace/driver_gtrace.go
@@ -12,11 +12,9 @@ type driverComposeOptions struct {
}
// DriverOption specified Driver compose option
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
type DriverComposeOption func(o *driverComposeOptions)
// WithDriverPanicCallback specified behavior on panic
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func WithDriverPanicCallback(cb func(e interface{})) DriverComposeOption {
return func(o *driverComposeOptions) {
o.panicCallback = cb
@@ -24,7 +22,6 @@ func WithDriverPanicCallback(cb func(e interface{})) DriverComposeOption {
}
// Compose returns a new Driver which has functional fields composed both from t and x.
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func (t *Driver) Compose(x *Driver, opts ...DriverComposeOption) *Driver {
var ret Driver
options := driverComposeOptions{}
@@ -173,6 +170,76 @@ func (t *Driver) Compose(x *Driver, opts ...DriverComposeOption) *Driver {
}
}
}
+ {
+ h1 := t.OnPoolAttach
+ h2 := x.OnPoolAttach
+ ret.OnPoolAttach = func(d DriverConnPoolAttachStartInfo) func(DriverConnPoolAttachDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ var r, r1 func(DriverConnPoolAttachDoneInfo)
+ if h1 != nil {
+ r = h1(d)
+ }
+ if h2 != nil {
+ r1 = h2(d)
+ }
+ return func(d DriverConnPoolAttachDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ if r != nil {
+ r(d)
+ }
+ if r1 != nil {
+ r1(d)
+ }
+ }
+ }
+ }
+ {
+ h1 := t.OnPoolDetach
+ h2 := x.OnPoolDetach
+ ret.OnPoolDetach = func(d DriverConnPoolDetachStartInfo) func(DriverConnPoolDetachDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ var r, r1 func(DriverConnPoolDetachDoneInfo)
+ if h1 != nil {
+ r = h1(d)
+ }
+ if h2 != nil {
+ r1 = h2(d)
+ }
+ return func(d DriverConnPoolDetachDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ if r != nil {
+ r(d)
+ }
+ if r1 != nil {
+ r1(d)
+ }
+ }
+ }
+ }
{
h1 := t.OnPoolRelease
h2 := x.OnPoolRelease
@@ -524,9 +591,9 @@ func (t *Driver) Compose(x *Driver, opts ...DriverComposeOption) *Driver {
}
}
{
- h1 := t.OnConnAllow
- h2 := x.OnConnAllow
- ret.OnConnAllow = func(d DriverConnAllowStartInfo) func(DriverConnAllowDoneInfo) {
+ h1 := t.OnConnUnban
+ h2 := x.OnConnUnban
+ ret.OnConnUnban = func(d DriverConnUnbanStartInfo) func(DriverConnUnbanDoneInfo) {
if options.panicCallback != nil {
defer func() {
if e := recover(); e != nil {
@@ -534,14 +601,14 @@ func (t *Driver) Compose(x *Driver, opts ...DriverComposeOption) *Driver {
}
}()
}
- var r, r1 func(DriverConnAllowDoneInfo)
+ var r, r1 func(DriverConnUnbanDoneInfo)
if h1 != nil {
r = h1(d)
}
if h2 != nil {
r1 = h2(d)
}
- return func(d DriverConnAllowDoneInfo) {
+ return func(d DriverConnUnbanDoneInfo) {
if options.panicCallback != nil {
defer func() {
if e := recover(); e != nil {
@@ -733,6 +800,41 @@ func (t *Driver) Compose(x *Driver, opts ...DriverComposeOption) *Driver {
}
}
}
+ {
+ h1 := t.OnBalancerGetConn
+ h2 := x.OnBalancerGetConn
+ ret.OnBalancerGetConn = func(d DriverBalancerGetConnStartInfo) func(DriverBalancerGetConnDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ var r, r1 func(DriverBalancerGetConnDoneInfo)
+ if h1 != nil {
+ r = h1(d)
+ }
+ if h2 != nil {
+ r1 = h2(d)
+ }
+ return func(d DriverBalancerGetConnDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ if r != nil {
+ r(d)
+ }
+ if r1 != nil {
+ r1(d)
+ }
+ }
+ }
+ }
{
h1 := t.OnBalancerChooseEndpoint
h2 := x.OnBalancerChooseEndpoint
@@ -838,6 +940,41 @@ func (t *Driver) Compose(x *Driver, opts ...DriverComposeOption) *Driver {
}
}
}
+ {
+ h1 := t.OnBalancerMarkConnAsBad
+ h2 := x.OnBalancerMarkConnAsBad
+ ret.OnBalancerMarkConnAsBad = func(d DriverBalancerMarkConnAsBadStartInfo) func(DriverBalancerMarkConnAsBadDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ var r, r1 func(DriverBalancerMarkConnAsBadDoneInfo)
+ if h1 != nil {
+ r = h1(d)
+ }
+ if h2 != nil {
+ r1 = h2(d)
+ }
+ return func(d DriverBalancerMarkConnAsBadDoneInfo) {
+ if options.panicCallback != nil {
+ defer func() {
+ if e := recover(); e != nil {
+ options.panicCallback(e)
+ }
+ }()
+ }
+ if r != nil {
+ r(d)
+ }
+ if r1 != nil {
+ r1(d)
+ }
+ }
+ }
+ }
{
h1 := t.OnGetCredentials
h2 := x.OnGetCredentials
@@ -935,6 +1072,36 @@ func (t *Driver) onPoolNew(d DriverConnPoolNewStartInfo) func(DriverConnPoolNewD
}
return res
}
+func (t *Driver) onPoolAttach(d DriverConnPoolAttachStartInfo) func(DriverConnPoolAttachDoneInfo) {
+ fn := t.OnPoolAttach
+ if fn == nil {
+ return func(DriverConnPoolAttachDoneInfo) {
+ return
+ }
+ }
+ res := fn(d)
+ if res == nil {
+ return func(DriverConnPoolAttachDoneInfo) {
+ return
+ }
+ }
+ return res
+}
+func (t *Driver) onPoolDetach(d DriverConnPoolDetachStartInfo) func(DriverConnPoolDetachDoneInfo) {
+ fn := t.OnPoolDetach
+ if fn == nil {
+ return func(DriverConnPoolDetachDoneInfo) {
+ return
+ }
+ }
+ res := fn(d)
+ if res == nil {
+ return func(DriverConnPoolDetachDoneInfo) {
+ return
+ }
+ }
+ return res
+}
func (t *Driver) onPoolRelease(d DriverConnPoolReleaseStartInfo) func(DriverConnPoolReleaseDoneInfo) {
fn := t.OnPoolRelease
if fn == nil {
@@ -1085,16 +1252,16 @@ func (t *Driver) onConnBan(d DriverConnBanStartInfo) func(DriverConnBanDoneInfo)
}
return res
}
-func (t *Driver) onConnAllow(d DriverConnAllowStartInfo) func(DriverConnAllowDoneInfo) {
- fn := t.OnConnAllow
+func (t *Driver) onConnUnban(d DriverConnUnbanStartInfo) func(DriverConnUnbanDoneInfo) {
+ fn := t.OnConnUnban
if fn == nil {
- return func(DriverConnAllowDoneInfo) {
+ return func(DriverConnUnbanDoneInfo) {
return
}
}
res := fn(d)
if res == nil {
- return func(DriverConnAllowDoneInfo) {
+ return func(DriverConnUnbanDoneInfo) {
return
}
}
@@ -1175,6 +1342,21 @@ func (t *Driver) onBalancerClose(d DriverBalancerCloseStartInfo) func(DriverBala
}
return res
}
+func (t *Driver) onBalancerGetConn(d DriverBalancerGetConnStartInfo) func(DriverBalancerGetConnDoneInfo) {
+ fn := t.OnBalancerGetConn
+ if fn == nil {
+ return func(DriverBalancerGetConnDoneInfo) {
+ return
+ }
+ }
+ res := fn(d)
+ if res == nil {
+ return func(DriverBalancerGetConnDoneInfo) {
+ return
+ }
+ }
+ return res
+}
func (t *Driver) onBalancerChooseEndpoint(d DriverBalancerChooseEndpointStartInfo) func(DriverBalancerChooseEndpointDoneInfo) {
fn := t.OnBalancerChooseEndpoint
if fn == nil {
@@ -1220,6 +1402,21 @@ func (t *Driver) onBalancerUpdate(d DriverBalancerUpdateStartInfo) func(DriverBa
}
return res
}
+func (t *Driver) onBalancerMarkConnAsBad(d DriverBalancerMarkConnAsBadStartInfo) func(DriverBalancerMarkConnAsBadDoneInfo) {
+ fn := t.OnBalancerMarkConnAsBad
+ if fn == nil {
+ return func(DriverBalancerMarkConnAsBadDoneInfo) {
+ return
+ }
+ }
+ res := fn(d)
+ if res == nil {
+ return func(DriverBalancerMarkConnAsBadDoneInfo) {
+ return
+ }
+ }
+ return res
+}
func (t *Driver) onGetCredentials(d DriverGetCredentialsStartInfo) func(DriverGetCredentialsDoneInfo) {
fn := t.OnGetCredentials
if fn == nil {
@@ -1235,7 +1432,6 @@ func (t *Driver) onGetCredentials(d DriverGetCredentialsStartInfo) func(DriverGe
}
return res
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnInit(t *Driver, c *context.Context, call call, endpoint string, database string, secure bool) func(error) {
var p DriverInitStartInfo
p.Context = c
@@ -1250,7 +1446,6 @@ func DriverOnInit(t *Driver, c *context.Context, call call, endpoint string, dat
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnWith(t *Driver, c *context.Context, call call, endpoint string, database string, secure bool) func(error) {
var p DriverWithStartInfo
p.Context = c
@@ -1265,7 +1460,6 @@ func DriverOnWith(t *Driver, c *context.Context, call call, endpoint string, dat
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnClose(t *Driver, c *context.Context, call call) func(error) {
var p DriverCloseStartInfo
p.Context = c
@@ -1277,7 +1471,6 @@ func DriverOnClose(t *Driver, c *context.Context, call call) func(error) {
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnPoolNew(t *Driver, c *context.Context, call call) func() {
var p DriverConnPoolNewStartInfo
p.Context = c
@@ -1288,7 +1481,28 @@ func DriverOnPoolNew(t *Driver, c *context.Context, call call) func() {
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+func DriverOnPoolAttach(t *Driver, c *context.Context, call call) func(error) {
+ var p DriverConnPoolAttachStartInfo
+ p.Context = c
+ p.Call = call
+ res := t.onPoolAttach(p)
+ return func(e error) {
+ var p DriverConnPoolAttachDoneInfo
+ p.Error = e
+ res(p)
+ }
+}
+func DriverOnPoolDetach(t *Driver, c *context.Context, call call) func(error) {
+ var p DriverConnPoolDetachStartInfo
+ p.Context = c
+ p.Call = call
+ res := t.onPoolDetach(p)
+ return func(e error) {
+ var p DriverConnPoolDetachDoneInfo
+ p.Error = e
+ res(p)
+ }
+}
func DriverOnPoolRelease(t *Driver, c *context.Context, call call) func(error) {
var p DriverConnPoolReleaseStartInfo
p.Context = c
@@ -1300,7 +1514,6 @@ func DriverOnPoolRelease(t *Driver, c *context.Context, call call) func(error) {
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnResolve(t *Driver, call call, target string, resolved []string) func(error) {
var p DriverResolveStartInfo
p.Call = call
@@ -1313,7 +1526,6 @@ func DriverOnResolve(t *Driver, call call, target string, resolved []string) fun
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnStateChange(t *Driver, c *context.Context, call call, endpoint EndpointInfo, state ConnState) func(state ConnState) {
var p DriverConnStateChangeStartInfo
p.Context = c
@@ -1327,7 +1539,6 @@ func DriverOnConnStateChange(t *Driver, c *context.Context, call call, endpoint
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnInvoke(t *Driver, c *context.Context, call call, endpoint EndpointInfo, m Method) func(_ error, issues []Issue, opID string, state ConnState, metadata map[string][]string) {
var p DriverConnInvokeStartInfo
p.Context = c
@@ -1345,7 +1556,6 @@ func DriverOnConnInvoke(t *Driver, c *context.Context, call call, endpoint Endpo
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnNewStream(t *Driver, c *context.Context, call call, endpoint EndpointInfo, m Method) func(_ error, state ConnState) {
var p DriverConnNewStreamStartInfo
p.Context = c
@@ -1360,7 +1570,6 @@ func DriverOnConnNewStream(t *Driver, c *context.Context, call call, endpoint En
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnStreamRecvMsg(t *Driver, c *context.Context, call call) func(error) {
var p DriverConnStreamRecvMsgStartInfo
p.Context = c
@@ -1372,7 +1581,6 @@ func DriverOnConnStreamRecvMsg(t *Driver, c *context.Context, call call) func(er
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnStreamSendMsg(t *Driver, c *context.Context, call call) func(error) {
var p DriverConnStreamSendMsgStartInfo
p.Context = c
@@ -1384,7 +1592,6 @@ func DriverOnConnStreamSendMsg(t *Driver, c *context.Context, call call) func(er
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnStreamCloseSend(t *Driver, c *context.Context, call call) func(error) {
var p DriverConnStreamCloseSendStartInfo
p.Context = c
@@ -1396,7 +1603,6 @@ func DriverOnConnStreamCloseSend(t *Driver, c *context.Context, call call) func(
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnDial(t *Driver, c *context.Context, call call, endpoint EndpointInfo) func(error) {
var p DriverConnDialStartInfo
p.Context = c
@@ -1409,7 +1615,6 @@ func DriverOnConnDial(t *Driver, c *context.Context, call call, endpoint Endpoin
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnBan(t *Driver, c *context.Context, call call, endpoint EndpointInfo, state ConnState, cause error) func(state ConnState) {
var p DriverConnBanStartInfo
p.Context = c
@@ -1424,21 +1629,19 @@ func DriverOnConnBan(t *Driver, c *context.Context, call call, endpoint Endpoint
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
-func DriverOnConnAllow(t *Driver, c *context.Context, call call, endpoint EndpointInfo, state ConnState) func(state ConnState) {
- var p DriverConnAllowStartInfo
+func DriverOnConnUnban(t *Driver, c *context.Context, call call, endpoint EndpointInfo, state ConnState) func(state ConnState) {
+ var p DriverConnUnbanStartInfo
p.Context = c
p.Call = call
p.Endpoint = endpoint
p.State = state
- res := t.onConnAllow(p)
+ res := t.onConnUnban(p)
return func(state ConnState) {
- var p DriverConnAllowDoneInfo
+ var p DriverConnUnbanDoneInfo
p.State = state
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnPark(t *Driver, c *context.Context, call call, endpoint EndpointInfo) func(error) {
var p DriverConnParkStartInfo
p.Context = c
@@ -1451,7 +1654,6 @@ func DriverOnConnPark(t *Driver, c *context.Context, call call, endpoint Endpoin
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnConnClose(t *Driver, c *context.Context, call call, endpoint EndpointInfo) func(error) {
var p DriverConnCloseStartInfo
p.Context = c
@@ -1464,7 +1666,6 @@ func DriverOnConnClose(t *Driver, c *context.Context, call call, endpoint Endpoi
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnRepeaterWakeUp(t *Driver, c *context.Context, call call, name string, event string) func(error) {
var p DriverRepeaterWakeUpStartInfo
p.Context = c
@@ -1478,7 +1679,6 @@ func DriverOnRepeaterWakeUp(t *Driver, c *context.Context, call call, name strin
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnBalancerInit(t *Driver, c *context.Context, call call, name string) func(error) {
var p DriverBalancerInitStartInfo
p.Context = c
@@ -1491,7 +1691,6 @@ func DriverOnBalancerInit(t *Driver, c *context.Context, call call, name string)
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnBalancerClose(t *Driver, c *context.Context, call call) func(error) {
var p DriverBalancerCloseStartInfo
p.Context = c
@@ -1503,7 +1702,18 @@ func DriverOnBalancerClose(t *Driver, c *context.Context, call call) func(error)
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+func DriverOnBalancerGetConn(t *Driver, c *context.Context, call call) func(endpoint EndpointInfo, _ error) {
+ var p DriverBalancerGetConnStartInfo
+ p.Context = c
+ p.Call = call
+ res := t.onBalancerGetConn(p)
+ return func(endpoint EndpointInfo, e error) {
+ var p DriverBalancerGetConnDoneInfo
+ p.Endpoint = endpoint
+ p.Error = e
+ res(p)
+ }
+}
func DriverOnBalancerChooseEndpoint(t *Driver, c *context.Context, call call) func(endpoint EndpointInfo, _ error) {
var p DriverBalancerChooseEndpointStartInfo
p.Context = c
@@ -1516,7 +1726,6 @@ func DriverOnBalancerChooseEndpoint(t *Driver, c *context.Context, call call) fu
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnBalancerClusterDiscoveryAttempt(t *Driver, c *context.Context, call call, address string) func(error) {
var p DriverBalancerClusterDiscoveryAttemptStartInfo
p.Context = c
@@ -1529,7 +1738,6 @@ func DriverOnBalancerClusterDiscoveryAttempt(t *Driver, c *context.Context, call
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
func DriverOnBalancerUpdate(t *Driver, c *context.Context, call call, needLocalDC bool) func(endpoints []EndpointInfo, added []EndpointInfo, dropped []EndpointInfo, localDC string) {
var p DriverBalancerUpdateStartInfo
p.Context = c
@@ -1545,7 +1753,20 @@ func DriverOnBalancerUpdate(t *Driver, c *context.Context, call call, needLocalD
res(p)
}
}
-// Internals: https://github.com/ydb-platform/ydb-go-sdk/blob/master/VERSIONING.md#internals
+func DriverOnBalancerMarkConnAsBad(t *Driver, c *context.Context, call call, endpoint EndpointInfo, cause error) func(prefer []EndpointInfo, fallback []EndpointInfo) {
+ var p DriverBalancerMarkConnAsBadStartInfo
+ p.Context = c
+ p.Call = call
+ p.Endpoint = endpoint
+ p.Cause = cause
+ res := t.onBalancerMarkConnAsBad(p)
+ return func(prefer []EndpointInfo, fallback []EndpointInfo) {
+ var p DriverBalancerMarkConnAsBadDoneInfo
+ p.Prefer = prefer
+ p.Fallback = fallback
+ res(p)
+ }
+}
func DriverOnGetCredentials(t *Driver, c *context.Context, call call) func(token string, _ error) {
var p DriverGetCredentialsStartInfo
p.Context = c