gitea-bot
2667aca6cf
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2175 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
10972 lines
738 KiB
YAML
10972 lines
738 KiB
YAML
---
|
|
# Source: volsync/charts/volsync/templates/serviceaccount.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: volsync
|
|
labels:
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
---
|
|
# Source: volsync/charts/volsync/templates/volsync.backube_replicationdestinations.yaml
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.19.0
|
|
helm.sh/resource-policy: keep
|
|
name: replicationdestinations.volsync.backube
|
|
spec:
|
|
group: volsync.backube
|
|
names:
|
|
kind: ReplicationDestination
|
|
listKind: ReplicationDestinationList
|
|
plural: replicationdestinations
|
|
singular: replicationdestination
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- format: date-time
|
|
jsonPath: .status.lastSyncTime
|
|
name: Last sync
|
|
type: string
|
|
- jsonPath: .status.lastSyncDuration
|
|
name: Duration
|
|
type: string
|
|
- format: date-time
|
|
jsonPath: .status.nextSyncTime
|
|
name: Next sync
|
|
type: string
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: |-
|
|
A ReplicationDestination is a VolSync resource that you can use to define the destination of a VolSync replication
|
|
or synchronization.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: |-
|
|
spec is the desired state of the ReplicationDestination, including the
|
|
replication method to use and its configuration.
|
|
properties:
|
|
external:
|
|
description: |-
|
|
external defines the configuration when using an external replication
|
|
provider.
|
|
properties:
|
|
parameters:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
parameters are provider-specific key/value configuration parameters. For
|
|
more information, please see the documentation of the specific
|
|
replication provider being used.
|
|
type: object
|
|
provider:
|
|
description: |-
|
|
provider is the name of the external replication provider. The name
|
|
should be of the form: domain.com/provider.
|
|
type: string
|
|
type: object
|
|
paused:
|
|
description: paused can be used to temporarily stop replication. Defaults to "false".
|
|
type: boolean
|
|
rclone:
|
|
description: rclone defines the configuration when using Rclone-based replication.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes specifies the access modes for the destination volume.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity is the size of the destination volume to create.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
cleanupTempPVC:
|
|
description: |-
|
|
Set this to true to delete the temp destination PVC (dynamically provisioned
|
|
by VolSync) at the end of each successful ReplicationDestination sync iteration.
|
|
If destinationPVC is set, this will have no effect, VolSync will only
|
|
cleanup temp PVCs that it deployed.
|
|
Note that if this is set to true, every sync this ReplicationDestination
|
|
makes will re-provision a new temp destination PVC and all data
|
|
will need to be sent again during the sync.
|
|
Dynamically provisioned destination PVCs will always be deleted if the
|
|
owning ReplicationDestination is removed, even if this setting is false.
|
|
The default is false.
|
|
type: boolean
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the destination
|
|
volume should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
customCA:
|
|
description: customCA is a custom CA that will be used to verify the remote
|
|
properties:
|
|
configMapName:
|
|
description: |-
|
|
The name of a ConfigMap that contains the custom CA certificate
|
|
If ConfigMapName is used then SecretName should not be set
|
|
type: string
|
|
key:
|
|
description: The key within the Secret or ConfigMap containing the CA certificate
|
|
type: string
|
|
secretName:
|
|
description: |-
|
|
The name of a Secret that contains the custom CA certificate
|
|
If SecretName is used then ConfigMapName should not be set
|
|
type: string
|
|
type: object
|
|
destinationPVC:
|
|
description: |-
|
|
destinationPVC is a PVC to use as the transfer destination instead of
|
|
automatically provisioning one. Either this field or both capacity and
|
|
accessModes must be specified.
|
|
type: string
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
rcloneConfig:
|
|
description: RcloneConfig is the rclone secret name
|
|
type: string
|
|
rcloneConfigSection:
|
|
description: RcloneConfigSection is the section in rclone_config file to use for the current job.
|
|
type: string
|
|
rcloneDestPath:
|
|
description: RcloneDestPath is the remote path to sync to.
|
|
type: string
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to specify the StorageClass of the
|
|
destination volume. If not set, the default StorageClass will be used.
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
restic:
|
|
description: restic defines the configuration when using Restic-based replication.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes specifies the access modes for the destination volume.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
cacheAccessModes:
|
|
description: accessModes can be used to set the accessModes of restic metadata cache volume
|
|
items:
|
|
type: string
|
|
type: array
|
|
cacheCapacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: cacheCapacity can be used to set the size of the restic metadata cache volume
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
cacheStorageClassName:
|
|
description: |-
|
|
cacheStorageClassName can be used to set the StorageClass of the restic
|
|
metadata cache volume
|
|
type: string
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity is the size of the destination volume to create.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
cleanupCachePVC:
|
|
description: |-
|
|
Set this to true to delete the restic cache PVC (dynamically provisioned
|
|
by VolSync) at the end of each successful ReplicationDestination sync iteration.
|
|
Cache PVCs will always be deleted if the owning ReplicationDestination is
|
|
removed, even if this setting is false.
|
|
The default is false.
|
|
type: boolean
|
|
cleanupTempPVC:
|
|
description: |-
|
|
Set this to true to delete the temp destination PVC (dynamically provisioned
|
|
by VolSync) at the end of each successful ReplicationDestination sync iteration.
|
|
If destinationPVC is set, this will have no effect, VolSync will only
|
|
cleanup temp PVCs that it deployed.
|
|
Note that if this is set to true, every sync this ReplicationDestination
|
|
makes will re-provision a new temp destination PVC and all data
|
|
will need to be sent again during the sync.
|
|
Dynamically provisioned destination PVCs will always be deleted if the
|
|
owning ReplicationDestination is removed, even if this setting is false.
|
|
The default is false.
|
|
type: boolean
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the destination
|
|
volume should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
customCA:
|
|
description: customCA is a custom CA that will be used to verify the remote
|
|
properties:
|
|
configMapName:
|
|
description: |-
|
|
The name of a ConfigMap that contains the custom CA certificate
|
|
If ConfigMapName is used then SecretName should not be set
|
|
type: string
|
|
key:
|
|
description: The key within the Secret or ConfigMap containing the CA certificate
|
|
type: string
|
|
secretName:
|
|
description: |-
|
|
The name of a Secret that contains the custom CA certificate
|
|
If SecretName is used then ConfigMapName should not be set
|
|
type: string
|
|
type: object
|
|
destinationPVC:
|
|
description: |-
|
|
destinationPVC is a PVC to use as the transfer destination instead of
|
|
automatically provisioning one. Either this field or both capacity and
|
|
accessModes must be specified.
|
|
type: string
|
|
enableFileDeletion:
|
|
description: |-
|
|
enableFileDeletion will pass the --delete flag to the restic restore command.
|
|
This will remove files and directories in the pvc that do not exist in the snapshot being restored.
|
|
Defaults to false.
|
|
type: boolean
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
previous:
|
|
description: Previous specifies the number of image to skip before selecting one to restore from
|
|
format: int32
|
|
type: integer
|
|
repository:
|
|
description: Repository is the secret name containing repository info
|
|
type: string
|
|
restoreAsOf:
|
|
description: RestoreAsOf refers to the backup that is most recent as of that time.
|
|
format: date-time
|
|
type: string
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to specify the StorageClass of the
|
|
destination volume. If not set, the default StorageClass will be used.
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
rsync:
|
|
description: rsync defines the configuration when using Rsync-based replication.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes specifies the access modes for the destination volume.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
address:
|
|
description: address is the remote address to connect to for replication.
|
|
type: string
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity is the size of the destination volume to create.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
cleanupTempPVC:
|
|
description: |-
|
|
Set this to true to delete the temp destination PVC (dynamically provisioned
|
|
by VolSync) at the end of each successful ReplicationDestination sync iteration.
|
|
If destinationPVC is set, this will have no effect, VolSync will only
|
|
cleanup temp PVCs that it deployed.
|
|
Note that if this is set to true, every sync this ReplicationDestination
|
|
makes will re-provision a new temp destination PVC and all data
|
|
will need to be sent again during the sync.
|
|
Dynamically provisioned destination PVCs will always be deleted if the
|
|
owning ReplicationDestination is removed, even if this setting is false.
|
|
The default is false.
|
|
type: boolean
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the destination
|
|
volume should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
destinationPVC:
|
|
description: |-
|
|
destinationPVC is a PVC to use as the transfer destination instead of
|
|
automatically provisioning one. Either this field or both capacity and
|
|
accessModes must be specified.
|
|
type: string
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as the ReplicationDestination.
|
|
type: string
|
|
path:
|
|
description: This field is not used and will be ignored
|
|
type: string
|
|
port:
|
|
description: port is the SSH port to connect to for replication. Defaults to 22.
|
|
format: int32
|
|
maximum: 65535
|
|
minimum: 0
|
|
type: integer
|
|
serviceAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
serviceAnnotations defines annotations that will be added to the
|
|
service created for incoming SSH connections. If set, these annotations
|
|
will be used instead of any VolSync default values.
|
|
type: object
|
|
serviceType:
|
|
description: |-
|
|
serviceType determines the Service type that will be created for incoming
|
|
SSH connections.
|
|
type: string
|
|
sshKeys:
|
|
description: |-
|
|
sshKeys is the name of a Secret that contains the SSH keys to be used for
|
|
authentication. If not provided, the keys will be generated.
|
|
type: string
|
|
sshUser:
|
|
description: sshUser is the username for outgoing SSH connections. Defaults to "root".
|
|
type: string
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to specify the StorageClass of the
|
|
destination volume. If not set, the default StorageClass will be used.
|
|
type: string
|
|
volumeMode:
|
|
description: |-
|
|
Will be used for the dynamic destination PVC created by VolSync.
|
|
Defaults to "Filesystem"
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
rsyncTLS:
|
|
description: rsyncTLS defines the configuration when using Rsync-based replication over TLS.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes specifies the access modes for the destination volume.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity is the size of the destination volume to create.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
cleanupTempPVC:
|
|
description: |-
|
|
Set this to true to delete the temp destination PVC (dynamically provisioned
|
|
by VolSync) at the end of each successful ReplicationDestination sync iteration.
|
|
If destinationPVC is set, this will have no effect, VolSync will only
|
|
cleanup temp PVCs that it deployed.
|
|
Note that if this is set to true, every sync this ReplicationDestination
|
|
makes will re-provision a new temp destination PVC and all data
|
|
will need to be sent again during the sync.
|
|
Dynamically provisioned destination PVCs will always be deleted if the
|
|
owning ReplicationDestination is removed, even if this setting is false.
|
|
The default is false.
|
|
type: boolean
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the destination
|
|
volume should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
destinationPVC:
|
|
description: |-
|
|
destinationPVC is a PVC to use as the transfer destination instead of
|
|
automatically provisioning one. Either this field or both capacity and
|
|
accessModes must be specified.
|
|
type: string
|
|
keySecret:
|
|
description: |-
|
|
keySecret is the name of a Secret that contains the TLS pre-shared key to
|
|
be used for authentication. If not provided, the key will be generated.
|
|
type: string
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
serviceAnnotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
serviceAnnotations defines annotations that will be added to the
|
|
service created for incoming SSH connections. If set, these annotations
|
|
will be used instead of any VolSync default values.
|
|
type: object
|
|
serviceType:
|
|
description: |-
|
|
serviceType determines the Service type that will be created for incoming
|
|
TLS connections.
|
|
type: string
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to specify the StorageClass of the
|
|
destination volume. If not set, the default StorageClass will be used.
|
|
type: string
|
|
volumeMode:
|
|
description: |-
|
|
Will be used for the dynamic destination PVC created by VolSync.
|
|
Defaults to "Filesystem"
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
trigger:
|
|
description: |-
|
|
trigger determines if/when the destination should attempt to synchronize
|
|
data with the source.
|
|
properties:
|
|
manual:
|
|
description: |-
|
|
manual is a string value that schedules a manual trigger.
|
|
Once a sync completes then status.lastManualSync is set to the same string value.
|
|
A consumer of a manual trigger should set spec.trigger.manual to a known value
|
|
and then wait for lastManualSync to be updated by the operator to the same value,
|
|
which means that the manual trigger will then pause and wait for further
|
|
updates to the trigger.
|
|
type: string
|
|
schedule:
|
|
description: |-
|
|
schedule is a cronspec (https://en.wikipedia.org/wiki/Cron#Overview) that
|
|
can be used to schedule replication to occur at regular, time-based
|
|
intervals.
|
|
nolint:lll
|
|
pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|((((\d+,)*\d+|(\d+(\/|-)\d+)|\*(\/\d+)?)\s?){5})$
|
|
type: string
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: |-
|
|
status is the observed state of the ReplicationDestination as determined
|
|
by the controller.
|
|
properties:
|
|
conditions:
|
|
description: |-
|
|
conditions represent the latest available observations of the
|
|
destination's state.
|
|
items:
|
|
description: Condition contains details for one aspect of the current state of this API Resource.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
message is a human readable message indicating details about the transition.
|
|
This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: |-
|
|
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
with respect to the current state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: |-
|
|
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
Producers of specific condition types may define expected values and meanings for this field,
|
|
and whether the values are considered a guaranteed API.
|
|
The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
external:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
external contains provider-specific status information. For more details,
|
|
please see the documentation of the specific replication provider being
|
|
used.
|
|
type: object
|
|
lastManualSync:
|
|
description: lastManualSync is set to the last spec.trigger.manual when the manual sync is done.
|
|
type: string
|
|
lastSyncDuration:
|
|
description: |-
|
|
lastSyncDuration is the amount of time required to send the most recent
|
|
update.
|
|
type: string
|
|
lastSyncStartTime:
|
|
description: lastSyncStartTime is the time the most recent synchronization started.
|
|
format: date-time
|
|
type: string
|
|
lastSyncTime:
|
|
description: lastSyncTime is the time of the most recent successful synchronization.
|
|
format: date-time
|
|
type: string
|
|
latestImage:
|
|
description: |-
|
|
latestImage in the object holding the most recent consistent replicated
|
|
image.
|
|
properties:
|
|
apiGroup:
|
|
description: |-
|
|
APIGroup is the group for the resource being referenced.
|
|
If APIGroup is not specified, the specified Kind must be in the core API group.
|
|
For any other third-party types, APIGroup is required.
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
latestMoverStatus:
|
|
description: Logs/Summary from latest mover job
|
|
properties:
|
|
logs:
|
|
type: string
|
|
result:
|
|
type: string
|
|
type: object
|
|
nextSyncTime:
|
|
description: |-
|
|
nextSyncTime is the time when the next volume synchronization is
|
|
scheduled to start (for schedule-based synchronization).
|
|
format: date-time
|
|
type: string
|
|
rsync:
|
|
description: rsync contains status information for Rsync-based replication.
|
|
properties:
|
|
address:
|
|
description: |-
|
|
address is the address to connect to for incoming SSH replication
|
|
connections.
|
|
type: string
|
|
port:
|
|
description: |-
|
|
port is the SSH port to connect to for incoming SSH replication
|
|
connections.
|
|
format: int32
|
|
type: integer
|
|
sshKeys:
|
|
description: |-
|
|
sshKeys is the name of a Secret that contains the SSH keys to be used for
|
|
authentication. If not provided in .spec.rsync.sshKeys, SSH keys will be
|
|
generated and the appropriate keys for the remote side will be placed
|
|
here.
|
|
type: string
|
|
type: object
|
|
rsyncTLS:
|
|
description: rsyncTLS contains status information for Rsync-based replication over TLS.
|
|
properties:
|
|
address:
|
|
description: address is the address to connect to for incoming TLS connections.
|
|
type: string
|
|
keySecret:
|
|
description: |-
|
|
keySecret is the name of a Secret that contains the TLS pre-shared key to
|
|
be used for authentication. If not provided in .spec.rsyncTLS.keySecret,
|
|
the key Secret will be generated and named here.
|
|
type: string
|
|
port:
|
|
description: port is the port to connect to for incoming replication connections.
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
# Source: volsync/charts/volsync/templates/volsync.backube_replicationsources.yaml
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.19.0
|
|
helm.sh/resource-policy: keep
|
|
name: replicationsources.volsync.backube
|
|
spec:
|
|
group: volsync.backube
|
|
names:
|
|
kind: ReplicationSource
|
|
listKind: ReplicationSourceList
|
|
plural: replicationsources
|
|
singular: replicationsource
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.sourcePVC
|
|
name: Source
|
|
type: string
|
|
- format: date-time
|
|
jsonPath: .status.lastSyncTime
|
|
name: Last sync
|
|
type: string
|
|
- jsonPath: .status.lastSyncDuration
|
|
name: Duration
|
|
type: string
|
|
- format: date-time
|
|
jsonPath: .status.nextSyncTime
|
|
name: Next sync
|
|
type: string
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: |-
|
|
A ReplicationSource is a VolSync resource that you can use to define the source PVC and replication mover type,
|
|
enabling you to replicate or synchronize PVC data to a remote location.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: |-
|
|
spec is the desired state of the ReplicationSource, including the
|
|
replication method to use and its configuration.
|
|
properties:
|
|
external:
|
|
description: |-
|
|
external defines the configuration when using an external replication
|
|
provider.
|
|
properties:
|
|
parameters:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
parameters are provider-specific key/value configuration parameters. For
|
|
more information, please see the documentation of the specific
|
|
replication provider being used.
|
|
type: object
|
|
provider:
|
|
description: |-
|
|
provider is the name of the external replication provider. The name
|
|
should be of the form: domain.com/provider.
|
|
type: string
|
|
type: object
|
|
paused:
|
|
description: paused can be used to temporarily stop replication. Defaults to "false".
|
|
type: boolean
|
|
rclone:
|
|
description: rclone defines the configuration when using Rclone-based replication.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes can be used to override the accessModes of the PiT image.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity can be used to override the capacity of the PiT image.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the source volume
|
|
should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
customCA:
|
|
description: customCA is a custom CA that will be used to verify the remote
|
|
properties:
|
|
configMapName:
|
|
description: |-
|
|
The name of a ConfigMap that contains the custom CA certificate
|
|
If ConfigMapName is used then SecretName should not be set
|
|
type: string
|
|
key:
|
|
description: The key within the Secret or ConfigMap containing the CA certificate
|
|
type: string
|
|
secretName:
|
|
description: |-
|
|
The name of a Secret that contains the custom CA certificate
|
|
If SecretName is used then ConfigMapName should not be set
|
|
type: string
|
|
type: object
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
rcloneConfig:
|
|
description: RcloneConfig is the rclone secret name
|
|
type: string
|
|
rcloneConfigSection:
|
|
description: RcloneConfigSection is the section in rclone_config file to use for the current job.
|
|
type: string
|
|
rcloneDestPath:
|
|
description: RcloneDestPath is the remote path to sync to.
|
|
type: string
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to override the StorageClass of the PiT
|
|
image.
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
restic:
|
|
description: restic defines the configuration when using Restic-based replication.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes can be used to override the accessModes of the PiT image.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
cacheAccessModes:
|
|
description: CacheAccessModes can be used to set the accessModes of restic metadata cache volume
|
|
items:
|
|
type: string
|
|
type: array
|
|
cacheCapacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: cacheCapacity can be used to set the size of the restic metadata cache volume
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
cacheStorageClassName:
|
|
description: |-
|
|
cacheStorageClassName can be used to set the StorageClass of the restic
|
|
metadata cache volume
|
|
type: string
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity can be used to override the capacity of the PiT image.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the source volume
|
|
should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
customCA:
|
|
description: customCA is a custom CA that will be used to verify the remote
|
|
properties:
|
|
configMapName:
|
|
description: |-
|
|
The name of a ConfigMap that contains the custom CA certificate
|
|
If ConfigMapName is used then SecretName should not be set
|
|
type: string
|
|
key:
|
|
description: The key within the Secret or ConfigMap containing the CA certificate
|
|
type: string
|
|
secretName:
|
|
description: |-
|
|
The name of a Secret that contains the custom CA certificate
|
|
If SecretName is used then ConfigMapName should not be set
|
|
type: string
|
|
type: object
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
pruneIntervalDays:
|
|
description: PruneIntervalDays define how often to prune the repository
|
|
format: int32
|
|
type: integer
|
|
repository:
|
|
description: Repository is the secret name containing repository info
|
|
type: string
|
|
retain:
|
|
description: ResticRetainPolicy define the retain policy
|
|
properties:
|
|
daily:
|
|
description: Daily defines the number of snapshots to be kept daily
|
|
format: int32
|
|
type: integer
|
|
hourly:
|
|
description: Hourly defines the number of snapshots to be kept hourly
|
|
format: int32
|
|
type: integer
|
|
last:
|
|
description: Last defines the number of snapshots to be kept
|
|
type: string
|
|
monthly:
|
|
description: Monthly defines the number of snapshots to be kept monthly
|
|
format: int32
|
|
type: integer
|
|
weekly:
|
|
description: Weekly defines the number of snapshots to be kept weekly
|
|
format: int32
|
|
type: integer
|
|
within:
|
|
description: Within defines the number of snapshots to be kept Within the given time period
|
|
type: string
|
|
yearly:
|
|
description: Yearly defines the number of snapshots to be kept yearly
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to override the StorageClass of the PiT
|
|
image.
|
|
type: string
|
|
unlock:
|
|
description: |-
|
|
unlock is a string value that schedules an unlock on the restic repository during
|
|
the next sync operation.
|
|
Once a sync completes then status.restic.lastUnlocked is set to the same string value.
|
|
To unlock a repository, set spec.restic.unlock to a known value and then wait for
|
|
lastUnlocked to be updated by the operator to the same value,
|
|
which means that the sync unlocked the repository by running a restic unlock command and
|
|
then ran a backup.
|
|
Unlock will not be run again unless spec.restic.unlock is set to a different value.
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
rsync:
|
|
description: rsync defines the configuration when using Rsync-based replication.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes can be used to override the accessModes of the PiT image.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
address:
|
|
description: address is the remote address to connect to for replication.
|
|
type: string
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity can be used to override the capacity of the PiT image.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the source volume
|
|
should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as the ReplicationSource.
|
|
type: string
|
|
path:
|
|
description: This field is not used and will be ignored
|
|
type: string
|
|
port:
|
|
description: port is the SSH port to connect to for replication. Defaults to 22.
|
|
format: int32
|
|
maximum: 65535
|
|
minimum: 0
|
|
type: integer
|
|
serviceType:
|
|
description: |-
|
|
serviceType determines the Service type that will be created for incoming
|
|
SSH connections.
|
|
type: string
|
|
sshKeys:
|
|
description: |-
|
|
sshKeys is the name of a Secret that contains the SSH keys to be used for
|
|
authentication. If not provided, the keys will be generated.
|
|
type: string
|
|
sshUser:
|
|
description: sshUser is the username for outgoing SSH connections. Defaults to "root".
|
|
type: string
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to override the StorageClass of the PiT
|
|
image.
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
rsyncTLS:
|
|
description: rsyncTLS defines the configuration when using Rsync-based replication over TLS.
|
|
properties:
|
|
accessModes:
|
|
description: accessModes can be used to override the accessModes of the PiT image.
|
|
items:
|
|
type: string
|
|
minItems: 1
|
|
type: array
|
|
address:
|
|
description: address is the remote address to connect to for replication.
|
|
type: string
|
|
capacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: capacity can be used to override the capacity of the PiT image.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
copyMethod:
|
|
description: |-
|
|
copyMethod describes how a point-in-time (PiT) image of the source volume
|
|
should be created.
|
|
enum:
|
|
- Direct
|
|
- None
|
|
- Clone
|
|
- Snapshot
|
|
type: string
|
|
keySecret:
|
|
description: |-
|
|
keySecret is the name of a Secret that contains the TLS pre-shared key to
|
|
be used for authentication. If not provided, the key will be generated.
|
|
type: string
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
port:
|
|
description: port is the port to connect to for replication. Defaults to 8000.
|
|
format: int32
|
|
maximum: 65535
|
|
minimum: 0
|
|
type: integer
|
|
storageClassName:
|
|
description: |-
|
|
storageClassName can be used to override the StorageClass of the PiT
|
|
image.
|
|
type: string
|
|
volumeSnapshotClassName:
|
|
description: |-
|
|
volumeSnapshotClassName can be used to specify the VSC to be used if
|
|
copyMethod is Snapshot. If not set, the default VSC is used.
|
|
type: string
|
|
type: object
|
|
sourcePVC:
|
|
description: sourcePVC is the name of the PersistentVolumeClaim (PVC) to replicate.
|
|
type: string
|
|
syncthing:
|
|
description: syncthing defines the configuration when using Syncthing-based replication.
|
|
properties:
|
|
configAccessModes:
|
|
description: Used to set the accessModes of Syncthing config volume.
|
|
items:
|
|
type: string
|
|
type: array
|
|
configCapacity:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Used to set the size of the Syncthing config volume.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
configStorageClassName:
|
|
description: Used to set the StorageClass of the Syncthing config volume.
|
|
type: string
|
|
moverAffinity:
|
|
description: MoverAffinity allows specifying the PodAffinity that will be used by the data mover
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- preference
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- nodeSelectorTerms
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
type: object
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
items:
|
|
type: string
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
required:
|
|
- topologyKey
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
type: object
|
|
type: object
|
|
moverPodLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
Labels that should be added to data mover pods
|
|
These will be in addition to any labels that VolSync may add
|
|
type: object
|
|
moverResources:
|
|
description: |-
|
|
Resources represents compute resources required by the data mover container.
|
|
Immutable.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
This should only be used by advanced users as this can result in a mover
|
|
pod being unschedulable or crashing due to limited resources.
|
|
properties:
|
|
claims:
|
|
description: |-
|
|
Claims lists the names of resources, defined in spec.resourceClaims,
|
|
that are used by this container.
|
|
|
|
This field depends on the
|
|
DynamicResourceAllocation feature gate.
|
|
|
|
This field is immutable. It can only be set for containers.
|
|
items:
|
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
|
properties:
|
|
name:
|
|
description: |-
|
|
Name must match the name of one entry in pod.spec.resourceClaims of
|
|
the Pod where this field is used. It makes that resource available
|
|
inside a container.
|
|
type: string
|
|
request:
|
|
description: |-
|
|
Request is the name chosen for a request in the referenced claim.
|
|
If empty, everything from the claim is made available, otherwise
|
|
only the result of this request.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- name
|
|
x-kubernetes-list-type: map
|
|
limits:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Limits describes the maximum amount of compute resources allowed.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
requests:
|
|
additionalProperties:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
description: |-
|
|
Requests describes the minimum amount of compute resources required.
|
|
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
|
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
|
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
|
type: object
|
|
type: object
|
|
moverSecurityContext:
|
|
description: |-
|
|
MoverSecurityContext allows specifying the PodSecurityContext that will
|
|
be used by the data mover
|
|
properties:
|
|
appArmorProfile:
|
|
description: |-
|
|
appArmorProfile is the AppArmor options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile loaded on the node that should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must match the loaded name of the profile.
|
|
Must be set if and only if type is "Localhost".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of AppArmor profile will be applied.
|
|
Valid options are:
|
|
Localhost - a profile pre-loaded on the node.
|
|
RuntimeDefault - the container runtime's default profile.
|
|
Unconfined - no AppArmor enforcement.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
fsGroup:
|
|
description: |-
|
|
A special supplemental group that applies to all containers in a pod.
|
|
Some volume types allow the Kubelet to change the ownership of that volume
|
|
to be owned by the pod:
|
|
|
|
1. The owning GID will be the FSGroup
|
|
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
|
|
3. The permission bits are OR'd with rw-rw----
|
|
|
|
If unset, the Kubelet will not modify the ownership and permissions of any volume.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
fsGroupChangePolicy:
|
|
description: |-
|
|
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
|
|
before being exposed inside Pod. This field will only apply to
|
|
volume types which support fsGroup based ownership(and permissions).
|
|
It will have no effect on ephemeral volume types such as: secret, configmaps
|
|
and emptydir.
|
|
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
runAsGroup:
|
|
description: |-
|
|
The GID to run the entrypoint of the container process.
|
|
Uses runtime default if unset.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
runAsNonRoot:
|
|
description: |-
|
|
Indicates that the container must run as a non-root user.
|
|
If true, the Kubelet will validate the image at runtime to ensure that it
|
|
does not run as UID 0 (root) and fail to start the container if it does.
|
|
If unset or false, no such validation will be performed.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: boolean
|
|
runAsUser:
|
|
description: |-
|
|
The UID to run the entrypoint of the container process.
|
|
Defaults to user specified in image metadata if unspecified.
|
|
May also be set in SecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence
|
|
for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
format: int64
|
|
type: integer
|
|
seLinuxChangePolicy:
|
|
description: |-
|
|
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
|
|
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
|
|
Valid values are "MountOption" and "Recursive".
|
|
|
|
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
|
|
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
|
|
|
|
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
|
|
This requires all Pods that share the same volume to use the same SELinux label.
|
|
It is not possible to share the same volume among privileged and unprivileged Pods.
|
|
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
|
|
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
|
|
CSIDriver instance. Other volumes are always re-labelled recursively.
|
|
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
|
|
|
|
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
|
|
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
|
|
and "Recursive" for all other volumes.
|
|
|
|
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
|
|
|
|
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
seLinuxOptions:
|
|
description: |-
|
|
The SELinux context to be applied to all containers.
|
|
If unspecified, the container runtime will allocate a random SELinux context for each
|
|
container. May also be set in SecurityContext. If set in
|
|
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
|
|
takes precedence for that container.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
level:
|
|
description: Level is SELinux level label that applies to the container.
|
|
type: string
|
|
role:
|
|
description: Role is a SELinux role label that applies to the container.
|
|
type: string
|
|
type:
|
|
description: Type is a SELinux type label that applies to the container.
|
|
type: string
|
|
user:
|
|
description: User is a SELinux user label that applies to the container.
|
|
type: string
|
|
type: object
|
|
seccompProfile:
|
|
description: |-
|
|
The seccomp options to use by the containers in this pod.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
properties:
|
|
localhostProfile:
|
|
description: |-
|
|
localhostProfile indicates a profile defined in a file on the node should be used.
|
|
The profile must be preconfigured on the node to work.
|
|
Must be a descending path, relative to the kubelet's configured seccomp profile location.
|
|
Must be set if type is "Localhost". Must NOT be set for any other type.
|
|
type: string
|
|
type:
|
|
description: |-
|
|
type indicates which kind of seccomp profile will be applied.
|
|
Valid options are:
|
|
|
|
Localhost - a profile defined in a file on the node should be used.
|
|
RuntimeDefault - the container runtime default profile should be used.
|
|
Unconfined - no profile should be applied.
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
supplementalGroups:
|
|
description: |-
|
|
A list of groups applied to the first process run in each container, in
|
|
addition to the container's primary GID and fsGroup (if specified). If
|
|
the SupplementalGroupsPolicy feature is enabled, the
|
|
supplementalGroupsPolicy field determines whether these are in addition
|
|
to or instead of any group memberships defined in the container image.
|
|
If unspecified, no additional groups are added, though group memberships
|
|
defined in the container image may still be used, depending on the
|
|
supplementalGroupsPolicy field.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
format: int64
|
|
type: integer
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
supplementalGroupsPolicy:
|
|
description: |-
|
|
Defines how supplemental groups of the first container processes are calculated.
|
|
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
|
|
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
|
|
and the container runtime must implement support for this feature.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
type: string
|
|
sysctls:
|
|
description: |-
|
|
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
|
|
sysctls (by the container runtime) might fail to launch.
|
|
Note that this field cannot be set when spec.os.name is windows.
|
|
items:
|
|
description: Sysctl defines a kernel parameter to be set
|
|
properties:
|
|
name:
|
|
description: Name of a property to set
|
|
type: string
|
|
value:
|
|
description: Value of a property to set
|
|
type: string
|
|
required:
|
|
- name
|
|
- value
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
windowsOptions:
|
|
description: |-
|
|
The Windows specific settings applied to all containers.
|
|
If unspecified, the options within a container's SecurityContext will be used.
|
|
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
Note that this field cannot be set when spec.os.name is linux.
|
|
properties:
|
|
gmsaCredentialSpec:
|
|
description: |-
|
|
GMSACredentialSpec is where the GMSA admission webhook
|
|
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
|
|
GMSA credential spec named by the GMSACredentialSpecName field.
|
|
type: string
|
|
gmsaCredentialSpecName:
|
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
|
type: string
|
|
hostProcess:
|
|
description: |-
|
|
HostProcess determines if a container should be run as a 'Host Process' container.
|
|
All of a Pod's containers must have the same effective HostProcess value
|
|
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
|
|
In addition, if HostProcess is true then HostNetwork must also be set to true.
|
|
type: boolean
|
|
runAsUserName:
|
|
description: |-
|
|
The UserName in Windows to run the entrypoint of the container process.
|
|
Defaults to the user specified in image metadata if unspecified.
|
|
May also be set in PodSecurityContext. If set in both SecurityContext and
|
|
PodSecurityContext, the value specified in SecurityContext takes precedence.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
moverServiceAccount:
|
|
description: |-
|
|
MoverServiceAccount allows specifying the name of the service account
|
|
that will be used by the data mover. This should only be used by advanced
|
|
users who want to override the service account normally used by the mover.
|
|
The service account needs to exist in the same namespace as this CR.
|
|
type: string
|
|
moverVolumes:
|
|
description: |-
|
|
MoverVolumes are PVCs or Secrets that should additionally be mounted to the mover job pod.
|
|
This should only be used by advanced users.
|
|
items:
|
|
properties:
|
|
mountPath:
|
|
description: |-
|
|
Path to give the volume when mounting under /mnt in the mover job pod.
|
|
For example if mountPath is 'my-pvc' then this moverVolume will be mounted in the mover pod
|
|
at /mnt/my-pvc
|
|
type: string
|
|
volumeSource:
|
|
description: volumeSource represents the secret or PersistentVolumeClaim that should be mounted to the mover pod.
|
|
properties:
|
|
persistentVolumeClaim:
|
|
description: |-
|
|
persistentVolumeClaimVolumeSource represents a reference to a
|
|
PersistentVolumeClaim in the same namespace.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
nolint:lll
|
|
properties:
|
|
claimName:
|
|
description: |-
|
|
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
|
|
type: string
|
|
readOnly:
|
|
description: |-
|
|
readOnly Will force the ReadOnly setting in VolumeMounts.
|
|
Default false.
|
|
type: boolean
|
|
required:
|
|
- claimName
|
|
type: object
|
|
secret:
|
|
description: |-
|
|
secret represents a secret that should populate this volume.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
properties:
|
|
defaultMode:
|
|
description: |-
|
|
defaultMode is Optional: mode bits used to set permissions on created files by default.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values
|
|
for mode bits. Defaults to 0644.
|
|
Directories within the path are not affected by this setting.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
items:
|
|
description: |-
|
|
items If unspecified, each key-value pair in the Data field of the referenced
|
|
Secret will be projected into the volume as a file whose name is the
|
|
key and content is the value. If specified, the listed keys will be
|
|
projected into the specified paths, and unlisted keys will not be
|
|
present. If a key is specified which is not present in the Secret,
|
|
the volume setup will error unless it is marked optional. Paths must be
|
|
relative and may not contain the '..' path or start with '..'.
|
|
items:
|
|
description: Maps a string key to a path within a volume.
|
|
properties:
|
|
key:
|
|
description: key is the key to project.
|
|
type: string
|
|
mode:
|
|
description: |-
|
|
mode is Optional: mode bits used to set permissions on this file.
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
|
|
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
|
|
If not specified, the volume defaultMode will be used.
|
|
This might be in conflict with other options that affect the file
|
|
mode, like fsGroup, and the result can be other mode bits set.
|
|
format: int32
|
|
type: integer
|
|
path:
|
|
description: |-
|
|
path is the relative path of the file to map the key to.
|
|
May not be an absolute path.
|
|
May not contain the path element '..'.
|
|
May not start with the string '..'.
|
|
type: string
|
|
required:
|
|
- key
|
|
- path
|
|
type: object
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
optional:
|
|
description: optional field specify whether the Secret or its keys must be defined
|
|
type: boolean
|
|
secretName:
|
|
description: |-
|
|
secretName is the name of the secret in the pod's namespace to use.
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- mountPath
|
|
- volumeSource
|
|
type: object
|
|
type: array
|
|
peers:
|
|
description: List of Syncthing peers to be connected for syncing
|
|
items:
|
|
description: |-
|
|
SyncthingPeer Defines the necessary information needed by VolSync
|
|
to configure a given peer with the running Syncthing instance.
|
|
properties:
|
|
ID:
|
|
description: The peer's Syncthing ID.
|
|
type: string
|
|
address:
|
|
description: The peer's address that our Syncthing node will connect to.
|
|
type: string
|
|
introducer:
|
|
description: |-
|
|
A flag that determines whether this peer should
|
|
introduce us to other peers sharing this volume.
|
|
It is HIGHLY recommended that two Syncthing peers do NOT
|
|
set each other as introducers as you will have a difficult time
|
|
disconnecting the two.
|
|
type: boolean
|
|
required:
|
|
- ID
|
|
- address
|
|
- introducer
|
|
type: object
|
|
type: array
|
|
serviceType:
|
|
description: Type of service to be used when exposing the Syncthing peer
|
|
type: string
|
|
type: object
|
|
trigger:
|
|
description: |-
|
|
trigger determines when the latest state of the volume will be captured
|
|
(and potentially replicated to the destination).
|
|
properties:
|
|
manual:
|
|
description: |-
|
|
manual is a string value that schedules a manual trigger.
|
|
Once a sync completes then status.lastManualSync is set to the same string value.
|
|
A consumer of a manual trigger should set spec.trigger.manual to a known value
|
|
and then wait for lastManualSync to be updated by the operator to the same value,
|
|
which means that the manual trigger will then pause and wait for further
|
|
updates to the trigger.
|
|
type: string
|
|
schedule:
|
|
description: |-
|
|
schedule is a cronspec (https://en.wikipedia.org/wiki/Cron#Overview) that
|
|
can be used to schedule replication to occur at regular, time-based
|
|
intervals.
|
|
nolint:lll
|
|
pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|((((\d+,)*\d+|(\d+(\/|-)\d+)|\*(\/\d+)?)\s?){5})$
|
|
type: string
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: |-
|
|
status is the observed state of the ReplicationSource as determined by
|
|
the controller.
|
|
properties:
|
|
conditions:
|
|
description: |-
|
|
conditions represent the latest available observations of the
|
|
source's state.
|
|
items:
|
|
description: Condition contains details for one aspect of the current state of this API Resource.
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: |-
|
|
message is a human readable message indicating details about the transition.
|
|
This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: |-
|
|
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
with respect to the current state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: |-
|
|
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
Producers of specific condition types may define expected values and meanings for this field,
|
|
and whether the values are considered a guaranteed API.
|
|
The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
external:
|
|
additionalProperties:
|
|
type: string
|
|
description: |-
|
|
external contains provider-specific status information. For more details,
|
|
please see the documentation of the specific replication provider being
|
|
used.
|
|
type: object
|
|
lastManualSync:
|
|
description: lastManualSync is set to the last spec.trigger.manual when the manual sync is done.
|
|
type: string
|
|
lastSyncDuration:
|
|
description: |-
|
|
lastSyncDuration is the amount of time required to send the most recent
|
|
update.
|
|
type: string
|
|
lastSyncStartTime:
|
|
description: lastSyncStartTime is the time the most recent synchronization started.
|
|
format: date-time
|
|
type: string
|
|
lastSyncTime:
|
|
description: lastSyncTime is the time of the most recent successful synchronization.
|
|
format: date-time
|
|
type: string
|
|
latestMoverStatus:
|
|
description: Logs/Summary from latest mover job
|
|
properties:
|
|
logs:
|
|
type: string
|
|
result:
|
|
type: string
|
|
type: object
|
|
nextSyncTime:
|
|
description: |-
|
|
nextSyncTime is the time when the next volume synchronization is
|
|
scheduled to start (for schedule-based synchronization).
|
|
format: date-time
|
|
type: string
|
|
restic:
|
|
description: restic contains status information for Restic-based replication.
|
|
properties:
|
|
lastPruned:
|
|
description: lastPruned in the object holding the time of last pruned
|
|
format: date-time
|
|
type: string
|
|
lastUnlocked:
|
|
description: |-
|
|
lastUnlocked is set to the last spec.restic.unlock when a sync is done that unlocks the
|
|
restic repository.
|
|
type: string
|
|
type: object
|
|
rsync:
|
|
description: rsync contains status information for Rsync-based replication.
|
|
properties:
|
|
address:
|
|
description: |-
|
|
address is the address to connect to for incoming SSH replication
|
|
connections.
|
|
type: string
|
|
port:
|
|
description: |-
|
|
port is the SSH port to connect to for incoming SSH replication
|
|
connections.
|
|
format: int32
|
|
type: integer
|
|
sshKeys:
|
|
description: |-
|
|
sshKeys is the name of a Secret that contains the SSH keys to be used for
|
|
authentication. If not provided in .spec.rsync.sshKeys, SSH keys will be
|
|
generated and the appropriate keys for the remote side will be placed
|
|
here.
|
|
type: string
|
|
type: object
|
|
rsyncTLS:
|
|
description: rsyncTLS contains status information for Rsync-based replication over TLS.
|
|
properties:
|
|
keySecret:
|
|
description: |-
|
|
keySecret is the name of a Secret that contains the TLS pre-shared key to
|
|
be used for authentication. If not provided in .spec.rsyncTLS.keySecret,
|
|
the key Secret will be generated and named here.
|
|
type: string
|
|
type: object
|
|
syncthing:
|
|
description: contains status information when Syncthing-based replication is used.
|
|
properties:
|
|
ID:
|
|
description: Device ID of the current syncthing device
|
|
type: string
|
|
address:
|
|
description: Service address where Syncthing is exposed to the rest of the world
|
|
type: string
|
|
peers:
|
|
description: List of the Syncthing nodes we are currently connected to.
|
|
items:
|
|
description: |-
|
|
SyncthingPeerStatus Is a struct that contains information pertaining to
|
|
the status of a given Syncthing peer.
|
|
properties:
|
|
ID:
|
|
description: ID Is the peer's Syncthing ID.
|
|
type: string
|
|
address:
|
|
description: The address of the Syncthing peer.
|
|
type: string
|
|
connected:
|
|
description: Flag indicating whether peer is currently connected.
|
|
type: boolean
|
|
introducedBy:
|
|
description: The ID of the Syncthing peer that this one was introduced by.
|
|
type: string
|
|
name:
|
|
description: A friendly name to associate the given device.
|
|
type: string
|
|
required:
|
|
- ID
|
|
- address
|
|
- connected
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
# Source: volsync/charts/volsync/templates/clusterrole-manager.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: volsync-manager
|
|
labels:
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
rules:
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- deployments
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- deletecollection
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- deletecollection
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- deletecollection
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims/finalizers
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- patch
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods/log
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- events.k8s.io
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- populator.storage.k8s.io
|
|
resources:
|
|
- volumepopulators
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- rolebindings
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- roles
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- security.openshift.io
|
|
resources:
|
|
- securitycontextconstraints
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- security.openshift.io
|
|
resourceNames:
|
|
- volsync-privileged-mover
|
|
resources:
|
|
- securitycontextconstraints
|
|
verbs:
|
|
- use
|
|
- apiGroups:
|
|
- snapshot.storage.k8s.io
|
|
resources:
|
|
- volumesnapshots
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- deletecollection
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- storage.k8s.io
|
|
resources:
|
|
- storageclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- volsync.backube
|
|
resources:
|
|
- replicationdestinations
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- volsync.backube
|
|
resources:
|
|
- replicationdestinations/finalizers
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- volsync.backube
|
|
resources:
|
|
- replicationdestinations/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- volsync.backube
|
|
resources:
|
|
- replicationsources
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- volsync.backube
|
|
resources:
|
|
- replicationsources/finalizers
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- volsync.backube
|
|
resources:
|
|
- replicationsources/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
---
|
|
# Source: volsync/charts/volsync/templates/clusterrolebinding-manager.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: volsync-manager
|
|
labels:
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: volsync-manager
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: volsync
|
|
namespace: volsync
|
|
---
|
|
# Source: volsync/charts/volsync/templates/role-leader-election.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: volsync-leader-election
|
|
labels:
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
---
|
|
# Source: volsync/charts/volsync/templates/rolebinding-leader-election.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: volsync-leader-election
|
|
labels:
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: volsync-leader-election
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: volsync
|
|
namespace: volsync
|
|
---
|
|
# Source: volsync/charts/volsync/templates/service-metrics.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: volsync-metrics
|
|
labels:
|
|
control-plane: volsync-controller
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
spec:
|
|
ports:
|
|
- name: https
|
|
port: 8443
|
|
targetPort: https
|
|
selector:
|
|
control-plane: volsync-controller
|
|
---
|
|
# Source: volsync/charts/volsync/templates/deployment-controller.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: volsync
|
|
labels:
|
|
control-plane: volsync-controller
|
|
helm.sh/chart: volsync-0.14.0
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
app.kubernetes.io/version: "0.14.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
spec:
|
|
replicas: 3
|
|
selector:
|
|
matchLabels:
|
|
control-plane: volsync-controller
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
kubectl.kubernetes.io/default-container: manager
|
|
labels:
|
|
control-plane: volsync-controller
|
|
app.kubernetes.io/name: volsync
|
|
app.kubernetes.io/instance: volsync
|
|
spec:
|
|
serviceAccountName: volsync
|
|
# The default for podSecurityContext is moved here so that we can probe
|
|
# the cluster and and adjust the template
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
# When not OpenShift, we need to set the UID
|
|
runAsUser: 65534
|
|
runAsGroup: 65534
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
containers:
|
|
- name: kube-rbac-proxy
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- "ALL"
|
|
readOnlyRootFilesystem: true
|
|
image: "quay.io/brancz/kube-rbac-proxy:v0.19.0"
|
|
args:
|
|
- --secure-listen-address=0.0.0.0:8443
|
|
- --upstream=http://127.0.0.1:8080/
|
|
- --logtostderr=true
|
|
- "--tls-min-version=VersionTLS12"
|
|
- --v=0
|
|
- --ignore-paths=/metrics
|
|
ports:
|
|
- containerPort: 8443
|
|
protocol: TCP
|
|
name: https
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 5m
|
|
memory: 64Mi
|
|
- name: manager
|
|
args:
|
|
- --health-probe-bind-address=:8081
|
|
- --metrics-bind-address=127.0.0.1:8080
|
|
- --leader-elect
|
|
- --rclone-container-image=quay.io/backube/volsync:0.14.0
|
|
- --restic-container-image=quay.io/backube/volsync:0.14.0
|
|
- --rsync-container-image=quay.io/backube/volsync:0.14.0
|
|
- --rsync-tls-container-image=quay.io/backube/volsync:0.14.0
|
|
- --syncthing-container-image=quay.io/backube/volsync:0.14.0
|
|
- --scc-name=volsync-privileged-mover
|
|
command:
|
|
- /manager
|
|
image: "quay.io/backube/volsync:0.14.0"
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: VOLSYNC_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 20
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8081
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
volumeMounts:
|
|
- name: tempdir
|
|
mountPath: /tmp
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- name: tempdir
|
|
emptyDir:
|
|
medium: "Memory"
|