From 2b6da7e700525c4d8c959091af7813291a5d8c03 Mon Sep 17 00:00:00 2001 From: Andrej Krejcir Date: Tue, 5 Nov 2024 16:38:08 +0100 Subject: [PATCH 1/4] cleanup: remove deprecated API version v1beta1 The version v1beta2 was introduced in v0.18.0. Users probably have updated to this API version by now. Signed-off-by: Andrej Krejcir --- PROJECT | 14 - api/v1beta1/groupversion_info.go | 36 - api/v1beta1/ssp_types.go | 171 - api/v1beta1/zz_generated.deepcopy.go | 299 -- config/crd/bases/ssp.kubevirt.io_ssps.yaml | 3255 ----------------- config/webhook/manifests.yaml | 1 - data/crd/ssp.kubevirt.io_ssps.yaml | 3255 ----------------- .../ssp-operator.clusterserviceversion.yaml | 3 - docs/configuration.md | 6 +- internal/common/scheme.go | 2 - tests/tests_suite_test.go | 2 - tests/webhook_test.go | 17 - .../api/v1beta1/groupversion_info.go | 36 - .../ssp-operator/api/v1beta1/ssp_types.go | 171 - .../api/v1beta1/zz_generated.deepcopy.go | 299 -- vendor/modules.txt | 1 - webhooks/ssp_webhook.go | 60 +- webhooks/ssp_webhook_test.go | 65 +- 18 files changed, 18 insertions(+), 7675 deletions(-) delete mode 100644 api/v1beta1/groupversion_info.go delete mode 100644 api/v1beta1/ssp_types.go delete mode 100644 api/v1beta1/zz_generated.deepcopy.go delete mode 100644 vendor/kubevirt.io/ssp-operator/api/v1beta1/groupversion_info.go delete mode 100644 vendor/kubevirt.io/ssp-operator/api/v1beta1/ssp_types.go delete mode 100644 vendor/kubevirt.io/ssp-operator/api/v1beta1/zz_generated.deepcopy.go diff --git a/PROJECT b/PROJECT index 91986d824..2c41f4bfa 100644 --- a/PROJECT +++ b/PROJECT @@ -17,20 +17,6 @@ resources: # defaulting: true validation: true webhookVersion: v1 -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: kubevirt.io - group: ssp - kind: SSP - path: kubevirt.io/ssp-operator/api/v1beta1 - version: v1beta1 - webhooks: - # conversion: true - # defaulting: true - validation: true - webhookVersion: v1 version: "3" plugins: manifests.sdk.operatorframework.io/v2: {} diff --git a/api/v1beta1/groupversion_info.go b/api/v1beta1/groupversion_info.go deleted file mode 100644 index 6a35a63df..000000000 --- a/api/v1beta1/groupversion_info.go +++ /dev/null @@ -1,36 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1beta1 contains API Schema definitions for the ssp v1beta1 API group -// +kubebuilder:object:generate=true -// +groupName=ssp.kubevirt.io -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "ssp.kubevirt.io", Version: "v1beta1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/api/v1beta1/ssp_types.go b/api/v1beta1/ssp_types.go deleted file mode 100644 index 1f962e17d..000000000 --- a/api/v1beta1/ssp_types.go +++ /dev/null @@ -1,171 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - ocpv1 "github.com/openshift/api/config/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - cdiv1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" - lifecycleapi "kubevirt.io/controller-lifecycle-operator-sdk/api" -) - -const ( - OperatorPausedAnnotation = "kubevirt.io/operator.paused" -) - -type TemplateValidator struct { - // Replicas is the number of replicas of the template validator pod - //+kubebuilder:validation:Minimum=0 - //+kubebuilder:default=2 - Replicas *int32 `json:"replicas,omitempty"` - - // Placement describes the node scheduling configuration - Placement *lifecycleapi.NodePlacement `json:"placement,omitempty"` -} - -type CommonTemplates struct { - // Namespace is the k8s namespace where CommonTemplates should be installed - //+kubebuilder:validation:MaxLength=63 - //+kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - Namespace string `json:"namespace"` - - // DataImportCronTemplates defines a list of DataImportCrons managed by the SSP - // Operator. This is intended for images used by CommonTemplates. - DataImportCronTemplates []DataImportCronTemplate `json:"dataImportCronTemplates,omitempty"` -} - -type NodeLabeller struct { - // Placement describes the node scheduling configuration - Placement *lifecycleapi.NodePlacement `json:"placement,omitempty"` -} - -type CommonInstancetypes struct { - // URL of a remote Kustomize target from which to generate and deploy resources. - // - // The following caveats apply to the provided URL: - // - // * Only 'https://' and 'git://' URLs are supported. - // - // * The URL must include '?ref=$ref' or '?version=$ref' pinning it to a specific - // reference. It is recommended that the reference be a specific commit or tag - // to ensure the generated contents does not change over time. As such it is - // recommended not to use branches as the ref for the time being. - // - // * Only VirtualMachineClusterPreference and VirtualMachineClusterInstancetype - // resources generated from the URL are deployed by the operand. - // - // See the following Kustomize documentation for more details: - // - // remote targets - // https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md - URL *string `json:"url,omitempty"` -} - -// SSPSpec defines the desired state of SSP -type SSPSpec struct { - // TemplateValidator is configuration of the template validator operand - TemplateValidator *TemplateValidator `json:"templateValidator,omitempty"` - - // CommonTemplates is the configuration of the common templates operand - CommonTemplates CommonTemplates `json:"commonTemplates"` - - // NodeLabeller is configuration of the node-labeller operand - NodeLabeller *NodeLabeller `json:"nodeLabeller,omitempty"` - - // TLSSecurityProfile is a configuration for the TLS. - TLSSecurityProfile *ocpv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` - - // CommonInstancetypes is the configuration of the common-instancetypes operand - CommonInstancetypes *CommonInstancetypes `json:"commonInstancetypes,omitempty"` - - // TektonPipelines is the configuration of the tekton-pipelines operand - TektonPipelines *TektonPipelines `json:"tektonPipelines,omitempty"` - - // TektonTasks is the configuration of the tekton-tasks operand - TektonTasks *TektonTasks `json:"tektonTasks,omitempty"` - - // FeatureGates is the configuration of the tekton operands - FeatureGates *FeatureGates `json:"featureGates,omitempty"` -} - -// TektonPipelines defines the desired state of pipelines -type TektonPipelines struct { - Namespace string `json:"namespace,omitempty"` -} - -// TektonTasks defines variables for configuration of tasks -type TektonTasks struct { - Namespace string `json:"namespace,omitempty"` -} - -// FeatureGates defines feature gate for tto operator -type FeatureGates struct { - DeployTektonTaskResources bool `json:"deployTektonTaskResources,omitempty"` -} - -// DataImportCronTemplate defines the template type for DataImportCrons. -// It requires metadata.name to be specified while leaving namespace as optional. -type DataImportCronTemplate struct { - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec cdiv1beta1.DataImportCronSpec `json:"spec"` -} - -// AsDataImportCron converts the DataImportCronTemplate to a cdiv1beta1.DataImportCron -func (t *DataImportCronTemplate) AsDataImportCron() cdiv1beta1.DataImportCron { - return cdiv1beta1.DataImportCron{ - ObjectMeta: t.ObjectMeta, - Spec: t.Spec, - } -} - -// SSPStatus defines the observed state of SSP -type SSPStatus struct { - lifecycleapi.Status `json:",inline"` - - // Paused is true when the operator notices paused annotation. - Paused bool `json:"paused,omitempty"` - - // ObservedGeneration is the latest generation observed by the operator. - ObservedGeneration int64 `json:"observedGeneration,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="ssp.kubevirt.io/v1beta1 ssp is deprecated" -// SSP is the Schema for the ssps API -// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase" -type SSP struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec SSPSpec `json:"spec,omitempty"` - Status SSPStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// SSPList contains a list of SSP -type SSPList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []SSP `json:"items"` -} - -func init() { - SchemeBuilder.Register(&SSP{}, &SSPList{}) -} diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 92c3e9d9c..000000000 --- a/api/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,299 +0,0 @@ -//go:build !ignore_autogenerated - -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "github.com/openshift/api/config/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CommonInstancetypes) DeepCopyInto(out *CommonInstancetypes) { - *out = *in - if in.URL != nil { - in, out := &in.URL, &out.URL - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonInstancetypes. -func (in *CommonInstancetypes) DeepCopy() *CommonInstancetypes { - if in == nil { - return nil - } - out := new(CommonInstancetypes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CommonTemplates) DeepCopyInto(out *CommonTemplates) { - *out = *in - if in.DataImportCronTemplates != nil { - in, out := &in.DataImportCronTemplates, &out.DataImportCronTemplates - *out = make([]DataImportCronTemplate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonTemplates. -func (in *CommonTemplates) DeepCopy() *CommonTemplates { - if in == nil { - return nil - } - out := new(CommonTemplates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DataImportCronTemplate) DeepCopyInto(out *DataImportCronTemplate) { - *out = *in - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataImportCronTemplate. -func (in *DataImportCronTemplate) DeepCopy() *DataImportCronTemplate { - if in == nil { - return nil - } - out := new(DataImportCronTemplate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGates) DeepCopyInto(out *FeatureGates) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGates. -func (in *FeatureGates) DeepCopy() *FeatureGates { - if in == nil { - return nil - } - out := new(FeatureGates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeLabeller) DeepCopyInto(out *NodeLabeller) { - *out = *in - if in.Placement != nil { - in, out := &in.Placement, &out.Placement - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeLabeller. -func (in *NodeLabeller) DeepCopy() *NodeLabeller { - if in == nil { - return nil - } - out := new(NodeLabeller) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSP) DeepCopyInto(out *SSP) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSP. -func (in *SSP) DeepCopy() *SSP { - if in == nil { - return nil - } - out := new(SSP) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SSP) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSPList) DeepCopyInto(out *SSPList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]SSP, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPList. -func (in *SSPList) DeepCopy() *SSPList { - if in == nil { - return nil - } - out := new(SSPList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SSPList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSPSpec) DeepCopyInto(out *SSPSpec) { - *out = *in - if in.TemplateValidator != nil { - in, out := &in.TemplateValidator, &out.TemplateValidator - *out = new(TemplateValidator) - (*in).DeepCopyInto(*out) - } - in.CommonTemplates.DeepCopyInto(&out.CommonTemplates) - if in.NodeLabeller != nil { - in, out := &in.NodeLabeller, &out.NodeLabeller - *out = new(NodeLabeller) - (*in).DeepCopyInto(*out) - } - if in.TLSSecurityProfile != nil { - in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile - *out = new(v1.TLSSecurityProfile) - (*in).DeepCopyInto(*out) - } - if in.CommonInstancetypes != nil { - in, out := &in.CommonInstancetypes, &out.CommonInstancetypes - *out = new(CommonInstancetypes) - (*in).DeepCopyInto(*out) - } - if in.TektonPipelines != nil { - in, out := &in.TektonPipelines, &out.TektonPipelines - *out = new(TektonPipelines) - **out = **in - } - if in.TektonTasks != nil { - in, out := &in.TektonTasks, &out.TektonTasks - *out = new(TektonTasks) - **out = **in - } - if in.FeatureGates != nil { - in, out := &in.FeatureGates, &out.FeatureGates - *out = new(FeatureGates) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPSpec. -func (in *SSPSpec) DeepCopy() *SSPSpec { - if in == nil { - return nil - } - out := new(SSPSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSPStatus) DeepCopyInto(out *SSPStatus) { - *out = *in - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPStatus. -func (in *SSPStatus) DeepCopy() *SSPStatus { - if in == nil { - return nil - } - out := new(SSPStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TektonPipelines) DeepCopyInto(out *TektonPipelines) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TektonPipelines. -func (in *TektonPipelines) DeepCopy() *TektonPipelines { - if in == nil { - return nil - } - out := new(TektonPipelines) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TektonTasks) DeepCopyInto(out *TektonTasks) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TektonTasks. -func (in *TektonTasks) DeepCopy() *TektonTasks { - if in == nil { - return nil - } - out := new(TektonTasks) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateValidator) DeepCopyInto(out *TemplateValidator) { - *out = *in - if in.Replicas != nil { - in, out := &in.Replicas, &out.Replicas - *out = new(int32) - **out = **in - } - if in.Placement != nil { - in, out := &in.Placement, &out.Placement - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateValidator. -func (in *TemplateValidator) DeepCopy() *TemplateValidator { - if in == nil { - return nil - } - out := new(TemplateValidator) - in.DeepCopyInto(out) - return out -} diff --git a/config/crd/bases/ssp.kubevirt.io_ssps.yaml b/config/crd/bases/ssp.kubevirt.io_ssps.yaml index 11447e337..f4cfe1d83 100644 --- a/config/crd/bases/ssp.kubevirt.io_ssps.yaml +++ b/config/crd/bases/ssp.kubevirt.io_ssps.yaml @@ -14,3261 +14,6 @@ spec: singular: ssp scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Phase - type: string - deprecated: true - deprecationWarning: ssp.kubevirt.io/v1beta1 ssp is deprecated - name: v1beta1 - schema: - openAPIV3Schema: - description: SSP is the Schema for the ssps API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SSPSpec defines the desired state of SSP - properties: - commonInstancetypes: - description: CommonInstancetypes is the configuration of the common-instancetypes - operand - properties: - url: - description: |- - URL of a remote Kustomize target from which to generate and deploy resources. - - - The following caveats apply to the provided URL: - - - * Only 'https://' and 'git://' URLs are supported. - - - * The URL must include '?ref=$ref' or '?version=$ref' pinning it to a specific - reference. It is recommended that the reference be a specific commit or tag - to ensure the generated contents does not change over time. As such it is - recommended not to use branches as the ref for the time being. - - - * Only VirtualMachineClusterPreference and VirtualMachineClusterInstancetype - resources generated from the URL are deployed by the operand. - - - See the following Kustomize documentation for more details: - - - remote targets - https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md - type: string - type: object - commonTemplates: - description: CommonTemplates is the configuration of the common templates - operand - properties: - dataImportCronTemplates: - description: |- - DataImportCronTemplates defines a list of DataImportCrons managed by the SSP - Operator. This is intended for images used by CommonTemplates. - items: - description: |- - DataImportCronTemplate defines the template type for DataImportCrons. - It requires metadata.name to be specified while leaving namespace as optional. - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: DataImportCronSpec defines specification for - DataImportCron - properties: - garbageCollect: - description: |- - GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported. - Options are currently "Outdated" and "Never", defaults to "Outdated". - type: string - importsToKeep: - description: Number of import PVCs to keep when garbage - collecting. Default is 3. - format: int32 - type: integer - managedDataSource: - description: |- - ManagedDataSource specifies the name of the corresponding DataSource this cron will manage. - DataSource has to be in the same namespace. - type: string - retentionPolicy: - description: RetentionPolicy specifies whether the created - DataVolumes and DataSources are retained when their - DataImportCron is deleted. Default is RatainAll. - type: string - schedule: - description: Schedule specifies in cron format when - and how often to look for new imports - type: string - template: - description: Template specifies template for the DVs - to be created - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: DataVolumeSpec defines the DataVolume - type specification - properties: - checkpoints: - description: Checkpoints is a list of DataVolumeCheckpoints, - representing stages in a multistage import. - items: - description: DataVolumeCheckpoint defines - a stage in a warm migration. - properties: - current: - description: Current is the identifier - of the snapshot created for this checkpoint. - type: string - previous: - description: Previous is the identifier - of the snapshot from the previous checkpoint. - type: string - required: - - current - - previous - type: object - type: array - contentType: - description: 'DataVolumeContentType options: - "kubevirt", "archive"' - enum: - - kubevirt - - archive - type: string - finalCheckpoint: - description: FinalCheckpoint indicates whether - the current DataVolumeCheckpoint is the final - checkpoint. - type: boolean - preallocation: - description: Preallocation controls whether - storage for DataVolumes should be allocated - in advance. - type: boolean - priorityClassName: - description: PriorityClassName for Importer, - Cloner and Uploader pod - type: string - pvc: - description: PVC is the PVC specification - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - source: - description: Source is the src of the data for - the requested DataVolume - properties: - blank: - description: DataVolumeBlankImage provides - the parameters to create a new raw blank - image for the PVC - type: object - gcs: - description: DataVolumeSourceGCS provides - the parameters to create a Data Volume - from an GCS source - properties: - secretRef: - description: SecretRef provides the - secret reference needed to access - the GCS source - type: string - url: - description: URL is the url of the GCS - source - type: string - required: - - url - type: object - http: - description: DataVolumeSourceHTTP can be - either an http or https endpoint, with - an optional basic auth user name and password, - and an optional configmap containing additional - CAs - properties: - certConfigMap: - description: CertConfigMap is a configmap - reference, containing a Certificate - Authority(CA) public key, and a base64 - encoded pem certificate - type: string - extraHeaders: - description: ExtraHeaders is a list - of strings containing extra headers - to include with HTTP transfer requests - items: - type: string - type: array - secretExtraHeaders: - description: SecretExtraHeaders is a - list of Secret references, each containing - an extra HTTP header that may include - sensitive information - items: - type: string - type: array - secretRef: - description: SecretRef A Secret reference, - the secret should contain accessKeyId - (user name) base64 encoded, and secretKey - (password) also base64 encoded - type: string - url: - description: URL is the URL of the http(s) - endpoint - type: string - required: - - url - type: object - imageio: - description: DataVolumeSourceImageIO provides - the parameters to create a Data Volume - from an imageio source - properties: - certConfigMap: - description: CertConfigMap provides - a reference to the CA cert - type: string - diskId: - description: DiskID provides id of a - disk to be imported - type: string - secretRef: - description: SecretRef provides the - secret reference needed to access - the ovirt-engine - type: string - url: - description: URL is the URL of the ovirt-engine - type: string - required: - - diskId - - url - type: object - pvc: - description: DataVolumeSourcePVC provides - the parameters to create a Data Volume - from an existing PVC - properties: - name: - description: The name of the source - PVC - type: string - namespace: - description: The namespace of the source - PVC - type: string - required: - - name - - namespace - type: object - registry: - description: DataVolumeSourceRegistry provides - the parameters to create a Data Volume - from an registry source - properties: - certConfigMap: - description: CertConfigMap provides - a reference to the Registry certs - type: string - imageStream: - description: ImageStream is the name - of image stream for import - type: string - pullMethod: - description: PullMethod can be either - "pod" (default import), or "node" - (node docker cache based import) - type: string - secretRef: - description: SecretRef provides the - secret reference needed to access - the Registry source - type: string - url: - description: 'URL is the url of the - registry source (starting with the - scheme: docker, oci-archive)' - type: string - type: object - s3: - description: DataVolumeSourceS3 provides - the parameters to create a Data Volume - from an S3 source - properties: - certConfigMap: - description: CertConfigMap is a configmap - reference, containing a Certificate - Authority(CA) public key, and a base64 - encoded pem certificate - type: string - secretRef: - description: SecretRef provides the - secret reference needed to access - the S3 source - type: string - url: - description: URL is the url of the S3 - source - type: string - required: - - url - type: object - snapshot: - description: DataVolumeSourceSnapshot provides - the parameters to create a Data Volume - from an existing VolumeSnapshot - properties: - name: - description: The name of the source - VolumeSnapshot - type: string - namespace: - description: The namespace of the source - VolumeSnapshot - type: string - required: - - name - - namespace - type: object - upload: - description: DataVolumeSourceUpload provides - the parameters to create a Data Volume - by uploading the source - type: object - vddk: - description: DataVolumeSourceVDDK provides - the parameters to create a Data Volume - from a Vmware source - properties: - backingFile: - description: BackingFile is the path - to the virtual hard disk to migrate - from vCenter/ESXi - type: string - initImageURL: - description: InitImageURL is an optional - URL to an image containing an extracted - VDDK library, overrides v2v-vmware - config map - type: string - secretRef: - description: SecretRef provides a reference - to a secret containing the username - and password needed to access the - vCenter or ESXi host - type: string - thumbprint: - description: Thumbprint is the certificate - thumbprint of the vCenter or ESXi - host - type: string - url: - description: URL is the URL of the vCenter - or ESXi host with the VM to migrate - type: string - uuid: - description: UUID is the UUID of the - virtual machine that the backing file - is attached to in vCenter/ESXi - type: string - type: object - type: object - sourceRef: - description: SourceRef is an indirect reference - to the source of data for the requested DataVolume - properties: - kind: - description: The kind of the source reference, - currently only "DataSource" is supported - type: string - name: - description: The name of the source reference - type: string - namespace: - description: The namespace of the source - reference, defaults to the DataVolume - namespace - type: string - required: - - kind - - name - type: object - storage: - description: Storage is the requested storage - specification - properties: - accessModes: - description: |- - AccessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important differences between DataSource and DataSourceRef: - * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. - * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - Resources represents the minimum resources the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: A label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - type: object - status: - description: DataVolumeStatus contains the current - status of the DataVolume - properties: - claimName: - description: ClaimName is the name of the underlying - PVC used by the DataVolume. - type: string - conditions: - items: - description: DataVolumeCondition represents - the state of a data volume condition. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: DataVolumeConditionType is - the string representation of known condition - types - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase is the current phase of the - data volume - type: string - progress: - description: DataVolumeProgress is the current - progress of the DataVolume transfer operation. - Value between 0 and 100 inclusive, N/A if - not available - type: string - restartCount: - description: RestartCount is the number of times - the pod populating the DataVolume has restarted - format: int32 - type: integer - type: object - required: - - spec - type: object - required: - - managedDataSource - - schedule - - template - type: object - required: - - spec - type: object - type: array - namespace: - description: Namespace is the k8s namespace where CommonTemplates - should be installed - maxLength: 63 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - namespace - type: object - featureGates: - description: FeatureGates is the configuration of the tekton operands - properties: - deployTektonTaskResources: - type: boolean - type: object - nodeLabeller: - description: NodeLabeller is configuration of the node-labeller operand - properties: - placement: - description: Placement describes the node scheduling configuration - properties: - affinity: - description: |- - affinity enables pod affinity/anti-affinity placement expanding the types of constraints - that can be expressed with nodeSelector. - affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector - See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to the relevant kind of pods - It specifies a map of key-value pairs: for the pod to be eligible to run on a node, - the node must have each of the indicated key-value pairs as labels - (it can have additional labels as well). - See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to the relevant kind of pods - See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. - These are additional tolerations other than default ones. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - tektonPipelines: - description: TektonPipelines is the configuration of the tekton-pipelines - operand - properties: - namespace: - type: string - type: object - tektonTasks: - description: TektonTasks is the configuration of the tekton-tasks - operand - properties: - namespace: - type: string - type: object - templateValidator: - description: TemplateValidator is configuration of the template validator - operand - properties: - placement: - description: Placement describes the node scheduling configuration - properties: - affinity: - description: |- - affinity enables pod affinity/anti-affinity placement expanding the types of constraints - that can be expressed with nodeSelector. - affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector - See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to the relevant kind of pods - It specifies a map of key-value pairs: for the pod to be eligible to run on a node, - the node must have each of the indicated key-value pairs as labels - (it can have additional labels as well). - See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to the relevant kind of pods - See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. - These are additional tolerations other than default ones. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - default: 2 - description: Replicas is the number of replicas of the template - validator pod - format: int32 - minimum: 0 - type: integer - type: object - tlsSecurityProfile: - description: TLSSecurityProfile is a configuration for the TLS. - properties: - custom: - description: |- - custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: - - - ciphers: - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - minTLSVersion: VersionTLS11 - nullable: true - properties: - ciphers: - description: |- - ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): - - - ciphers: - - DES-CBC3-SHA - items: - type: string - type: array - minTLSVersion: - description: |- - minTLSVersion is used to specify the minimal version of the TLS protocol - that is negotiated during the TLS handshake. For example, to use TLS - versions 1.1, 1.2 and 1.3 (yaml): - - - minTLSVersion: VersionTLS11 - - - NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: |- - intermediate is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - minTLSVersion: VersionTLS12 - nullable: true - type: object - modern: - description: |- - modern is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - minTLSVersion: VersionTLS13 - nullable: true - type: object - old: - description: |- - old is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - - DHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-ECDSA-AES128-SHA256 - - - - ECDHE-RSA-AES128-SHA256 - - - - ECDHE-ECDSA-AES128-SHA - - - - ECDHE-RSA-AES128-SHA - - - - ECDHE-ECDSA-AES256-SHA384 - - - - ECDHE-RSA-AES256-SHA384 - - - - ECDHE-ECDSA-AES256-SHA - - - - ECDHE-RSA-AES256-SHA - - - - DHE-RSA-AES128-SHA256 - - - - DHE-RSA-AES256-SHA256 - - - - AES128-GCM-SHA256 - - - - AES256-GCM-SHA384 - - - - AES128-SHA256 - - - - AES256-SHA256 - - - - AES128-SHA - - - - AES256-SHA - - - - DES-CBC3-SHA - - - minTLSVersion: VersionTLS10 - nullable: true - type: object - type: - description: |- - type is one of Old, Intermediate, Modern or Custom. Custom provides - the ability to specify individual TLS security profile parameters. - Old, Intermediate and Modern are TLS security profiles based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - - - The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - reduced. - - - Note that the Modern profile is currently not supported because it is not - yet well adopted by common software libraries. - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - required: - - commonTemplates - type: object - status: - description: SSPStatus defines the observed state of SSP - properties: - conditions: - description: A list of current conditions of the resource - items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: ConditionType is the state of the operator's reconciliation - functionality. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the operator. - format: int64 - type: integer - observedVersion: - description: The observed version of the resource - type: string - operatorVersion: - description: The version of the resource as defined by the operator - type: string - paused: - description: Paused is true when the operator notices paused annotation. - type: boolean - phase: - description: Phase is the current phase of the deployment - type: string - targetVersion: - description: The desired version of the resource - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - jsonPath: .status.phase name: Phase diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 58a25566b..534888a58 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -17,7 +17,6 @@ webhooks: - apiGroups: - ssp.kubevirt.io apiVersions: - - v1beta1 - v1beta2 operations: - CREATE diff --git a/data/crd/ssp.kubevirt.io_ssps.yaml b/data/crd/ssp.kubevirt.io_ssps.yaml index ab935b711..8e7abcabd 100644 --- a/data/crd/ssp.kubevirt.io_ssps.yaml +++ b/data/crd/ssp.kubevirt.io_ssps.yaml @@ -16,3261 +16,6 @@ spec: singular: ssp scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Phase - type: string - deprecated: true - deprecationWarning: ssp.kubevirt.io/v1beta1 ssp is deprecated - name: v1beta1 - schema: - openAPIV3Schema: - description: SSP is the Schema for the ssps API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SSPSpec defines the desired state of SSP - properties: - commonInstancetypes: - description: CommonInstancetypes is the configuration of the common-instancetypes - operand - properties: - url: - description: |- - URL of a remote Kustomize target from which to generate and deploy resources. - - - The following caveats apply to the provided URL: - - - * Only 'https://' and 'git://' URLs are supported. - - - * The URL must include '?ref=$ref' or '?version=$ref' pinning it to a specific - reference. It is recommended that the reference be a specific commit or tag - to ensure the generated contents does not change over time. As such it is - recommended not to use branches as the ref for the time being. - - - * Only VirtualMachineClusterPreference and VirtualMachineClusterInstancetype - resources generated from the URL are deployed by the operand. - - - See the following Kustomize documentation for more details: - - - remote targets - https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md - type: string - type: object - commonTemplates: - description: CommonTemplates is the configuration of the common templates - operand - properties: - dataImportCronTemplates: - description: |- - DataImportCronTemplates defines a list of DataImportCrons managed by the SSP - Operator. This is intended for images used by CommonTemplates. - items: - description: |- - DataImportCronTemplate defines the template type for DataImportCrons. - It requires metadata.name to be specified while leaving namespace as optional. - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: DataImportCronSpec defines specification for - DataImportCron - properties: - garbageCollect: - description: |- - GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported. - Options are currently "Outdated" and "Never", defaults to "Outdated". - type: string - importsToKeep: - description: Number of import PVCs to keep when garbage - collecting. Default is 3. - format: int32 - type: integer - managedDataSource: - description: |- - ManagedDataSource specifies the name of the corresponding DataSource this cron will manage. - DataSource has to be in the same namespace. - type: string - retentionPolicy: - description: RetentionPolicy specifies whether the created - DataVolumes and DataSources are retained when their - DataImportCron is deleted. Default is RatainAll. - type: string - schedule: - description: Schedule specifies in cron format when - and how often to look for new imports - type: string - template: - description: Template specifies template for the DVs - to be created - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: DataVolumeSpec defines the DataVolume - type specification - properties: - checkpoints: - description: Checkpoints is a list of DataVolumeCheckpoints, - representing stages in a multistage import. - items: - description: DataVolumeCheckpoint defines - a stage in a warm migration. - properties: - current: - description: Current is the identifier - of the snapshot created for this checkpoint. - type: string - previous: - description: Previous is the identifier - of the snapshot from the previous checkpoint. - type: string - required: - - current - - previous - type: object - type: array - contentType: - description: 'DataVolumeContentType options: - "kubevirt", "archive"' - enum: - - kubevirt - - archive - type: string - finalCheckpoint: - description: FinalCheckpoint indicates whether - the current DataVolumeCheckpoint is the final - checkpoint. - type: boolean - preallocation: - description: Preallocation controls whether - storage for DataVolumes should be allocated - in advance. - type: boolean - priorityClassName: - description: PriorityClassName for Importer, - Cloner and Uploader pod - type: string - pvc: - description: PVC is the PVC specification - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - source: - description: Source is the src of the data for - the requested DataVolume - properties: - blank: - description: DataVolumeBlankImage provides - the parameters to create a new raw blank - image for the PVC - type: object - gcs: - description: DataVolumeSourceGCS provides - the parameters to create a Data Volume - from an GCS source - properties: - secretRef: - description: SecretRef provides the - secret reference needed to access - the GCS source - type: string - url: - description: URL is the url of the GCS - source - type: string - required: - - url - type: object - http: - description: DataVolumeSourceHTTP can be - either an http or https endpoint, with - an optional basic auth user name and password, - and an optional configmap containing additional - CAs - properties: - certConfigMap: - description: CertConfigMap is a configmap - reference, containing a Certificate - Authority(CA) public key, and a base64 - encoded pem certificate - type: string - extraHeaders: - description: ExtraHeaders is a list - of strings containing extra headers - to include with HTTP transfer requests - items: - type: string - type: array - secretExtraHeaders: - description: SecretExtraHeaders is a - list of Secret references, each containing - an extra HTTP header that may include - sensitive information - items: - type: string - type: array - secretRef: - description: SecretRef A Secret reference, - the secret should contain accessKeyId - (user name) base64 encoded, and secretKey - (password) also base64 encoded - type: string - url: - description: URL is the URL of the http(s) - endpoint - type: string - required: - - url - type: object - imageio: - description: DataVolumeSourceImageIO provides - the parameters to create a Data Volume - from an imageio source - properties: - certConfigMap: - description: CertConfigMap provides - a reference to the CA cert - type: string - diskId: - description: DiskID provides id of a - disk to be imported - type: string - secretRef: - description: SecretRef provides the - secret reference needed to access - the ovirt-engine - type: string - url: - description: URL is the URL of the ovirt-engine - type: string - required: - - diskId - - url - type: object - pvc: - description: DataVolumeSourcePVC provides - the parameters to create a Data Volume - from an existing PVC - properties: - name: - description: The name of the source - PVC - type: string - namespace: - description: The namespace of the source - PVC - type: string - required: - - name - - namespace - type: object - registry: - description: DataVolumeSourceRegistry provides - the parameters to create a Data Volume - from an registry source - properties: - certConfigMap: - description: CertConfigMap provides - a reference to the Registry certs - type: string - imageStream: - description: ImageStream is the name - of image stream for import - type: string - pullMethod: - description: PullMethod can be either - "pod" (default import), or "node" - (node docker cache based import) - type: string - secretRef: - description: SecretRef provides the - secret reference needed to access - the Registry source - type: string - url: - description: 'URL is the url of the - registry source (starting with the - scheme: docker, oci-archive)' - type: string - type: object - s3: - description: DataVolumeSourceS3 provides - the parameters to create a Data Volume - from an S3 source - properties: - certConfigMap: - description: CertConfigMap is a configmap - reference, containing a Certificate - Authority(CA) public key, and a base64 - encoded pem certificate - type: string - secretRef: - description: SecretRef provides the - secret reference needed to access - the S3 source - type: string - url: - description: URL is the url of the S3 - source - type: string - required: - - url - type: object - snapshot: - description: DataVolumeSourceSnapshot provides - the parameters to create a Data Volume - from an existing VolumeSnapshot - properties: - name: - description: The name of the source - VolumeSnapshot - type: string - namespace: - description: The namespace of the source - VolumeSnapshot - type: string - required: - - name - - namespace - type: object - upload: - description: DataVolumeSourceUpload provides - the parameters to create a Data Volume - by uploading the source - type: object - vddk: - description: DataVolumeSourceVDDK provides - the parameters to create a Data Volume - from a Vmware source - properties: - backingFile: - description: BackingFile is the path - to the virtual hard disk to migrate - from vCenter/ESXi - type: string - initImageURL: - description: InitImageURL is an optional - URL to an image containing an extracted - VDDK library, overrides v2v-vmware - config map - type: string - secretRef: - description: SecretRef provides a reference - to a secret containing the username - and password needed to access the - vCenter or ESXi host - type: string - thumbprint: - description: Thumbprint is the certificate - thumbprint of the vCenter or ESXi - host - type: string - url: - description: URL is the URL of the vCenter - or ESXi host with the VM to migrate - type: string - uuid: - description: UUID is the UUID of the - virtual machine that the backing file - is attached to in vCenter/ESXi - type: string - type: object - type: object - sourceRef: - description: SourceRef is an indirect reference - to the source of data for the requested DataVolume - properties: - kind: - description: The kind of the source reference, - currently only "DataSource" is supported - type: string - name: - description: The name of the source reference - type: string - namespace: - description: The namespace of the source - reference, defaults to the DataVolume - namespace - type: string - required: - - kind - - name - type: object - storage: - description: Storage is the requested storage - specification - properties: - accessModes: - description: |- - AccessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important differences between DataSource and DataSourceRef: - * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. - * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - Resources represents the minimum resources the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: A label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - type: object - status: - description: DataVolumeStatus contains the current - status of the DataVolume - properties: - claimName: - description: ClaimName is the name of the underlying - PVC used by the DataVolume. - type: string - conditions: - items: - description: DataVolumeCondition represents - the state of a data volume condition. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: DataVolumeConditionType is - the string representation of known condition - types - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase is the current phase of the - data volume - type: string - progress: - description: DataVolumeProgress is the current - progress of the DataVolume transfer operation. - Value between 0 and 100 inclusive, N/A if - not available - type: string - restartCount: - description: RestartCount is the number of times - the pod populating the DataVolume has restarted - format: int32 - type: integer - type: object - required: - - spec - type: object - required: - - managedDataSource - - schedule - - template - type: object - required: - - spec - type: object - type: array - namespace: - description: Namespace is the k8s namespace where CommonTemplates - should be installed - maxLength: 63 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - namespace - type: object - featureGates: - description: FeatureGates is the configuration of the tekton operands - properties: - deployTektonTaskResources: - type: boolean - type: object - nodeLabeller: - description: NodeLabeller is configuration of the node-labeller operand - properties: - placement: - description: Placement describes the node scheduling configuration - properties: - affinity: - description: |- - affinity enables pod affinity/anti-affinity placement expanding the types of constraints - that can be expressed with nodeSelector. - affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector - See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to the relevant kind of pods - It specifies a map of key-value pairs: for the pod to be eligible to run on a node, - the node must have each of the indicated key-value pairs as labels - (it can have additional labels as well). - See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to the relevant kind of pods - See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. - These are additional tolerations other than default ones. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - tektonPipelines: - description: TektonPipelines is the configuration of the tekton-pipelines - operand - properties: - namespace: - type: string - type: object - tektonTasks: - description: TektonTasks is the configuration of the tekton-tasks - operand - properties: - namespace: - type: string - type: object - templateValidator: - description: TemplateValidator is configuration of the template validator - operand - properties: - placement: - description: Placement describes the node scheduling configuration - properties: - affinity: - description: |- - affinity enables pod affinity/anti-affinity placement expanding the types of constraints - that can be expressed with nodeSelector. - affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector - See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to the relevant kind of pods - It specifies a map of key-value pairs: for the pod to be eligible to run on a node, - the node must have each of the indicated key-value pairs as labels - (it can have additional labels as well). - See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to the relevant kind of pods - See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. - These are additional tolerations other than default ones. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - default: 2 - description: Replicas is the number of replicas of the template - validator pod - format: int32 - minimum: 0 - type: integer - type: object - tlsSecurityProfile: - description: TLSSecurityProfile is a configuration for the TLS. - properties: - custom: - description: |- - custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: - - - ciphers: - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - minTLSVersion: VersionTLS11 - nullable: true - properties: - ciphers: - description: |- - ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): - - - ciphers: - - DES-CBC3-SHA - items: - type: string - type: array - minTLSVersion: - description: |- - minTLSVersion is used to specify the minimal version of the TLS protocol - that is negotiated during the TLS handshake. For example, to use TLS - versions 1.1, 1.2 and 1.3 (yaml): - - - minTLSVersion: VersionTLS11 - - - NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: |- - intermediate is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - minTLSVersion: VersionTLS12 - nullable: true - type: object - modern: - description: |- - modern is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - minTLSVersion: VersionTLS13 - nullable: true - type: object - old: - description: |- - old is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - - DHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-ECDSA-AES128-SHA256 - - - - ECDHE-RSA-AES128-SHA256 - - - - ECDHE-ECDSA-AES128-SHA - - - - ECDHE-RSA-AES128-SHA - - - - ECDHE-ECDSA-AES256-SHA384 - - - - ECDHE-RSA-AES256-SHA384 - - - - ECDHE-ECDSA-AES256-SHA - - - - ECDHE-RSA-AES256-SHA - - - - DHE-RSA-AES128-SHA256 - - - - DHE-RSA-AES256-SHA256 - - - - AES128-GCM-SHA256 - - - - AES256-GCM-SHA384 - - - - AES128-SHA256 - - - - AES256-SHA256 - - - - AES128-SHA - - - - AES256-SHA - - - - DES-CBC3-SHA - - - minTLSVersion: VersionTLS10 - nullable: true - type: object - type: - description: |- - type is one of Old, Intermediate, Modern or Custom. Custom provides - the ability to specify individual TLS security profile parameters. - Old, Intermediate and Modern are TLS security profiles based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - - - The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - reduced. - - - Note that the Modern profile is currently not supported because it is not - yet well adopted by common software libraries. - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - required: - - commonTemplates - type: object - status: - description: SSPStatus defines the observed state of SSP - properties: - conditions: - description: A list of current conditions of the resource - items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: ConditionType is the state of the operator's reconciliation - functionality. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the operator. - format: int64 - type: integer - observedVersion: - description: The observed version of the resource - type: string - operatorVersion: - description: The version of the resource as defined by the operator - type: string - paused: - description: Paused is true when the operator notices paused annotation. - type: boolean - phase: - description: Phase is the current phase of the deployment - type: string - targetVersion: - description: The desired version of the resource - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - jsonPath: .status.phase name: Phase diff --git a/data/olm-catalog/ssp-operator.clusterserviceversion.yaml b/data/olm-catalog/ssp-operator.clusterserviceversion.yaml index ce008a8fc..00cb3305d 100644 --- a/data/olm-catalog/ssp-operator.clusterserviceversion.yaml +++ b/data/olm-catalog/ssp-operator.clusterserviceversion.yaml @@ -39,9 +39,6 @@ spec: enabled: false customresourcedefinitions: owned: - - kind: SSP - name: ssps.ssp.kubevirt.io - version: v1beta1 - description: SSP is the Schema for the ssps API displayName: SSP kind: SSP diff --git a/docs/configuration.md b/docs/configuration.md index cdd88570f..b6e6a35f7 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -37,7 +37,7 @@ spec: This annotation will pause operator reconciliation. ``` -apiVersion: ssp.kubevirt.io/v1beta1 +apiVersion: ssp.kubevirt.io/v1beta2 kind: SSP metadata: annotations: @@ -56,7 +56,7 @@ the operator will still cleanup all the dependent resources. A set of common templates to create KubeVirt Virtual Machines (VMs). ``` -apiVersion: ssp.kubevirt.io/v1beta1 +apiVersion: ssp.kubevirt.io/v1beta2 kind: SSP metadata: name: ssp-sample @@ -71,7 +71,7 @@ spec: Template Validator is designed to inspect virtual machines (VMs) and detect any violations of the rules defined in VM's annotations. ``` -apiVersion: ssp.kubevirt.io/v1beta1 +apiVersion: ssp.kubevirt.io/v1beta2 kind: SSP metadata: name: ssp-sample diff --git a/internal/common/scheme.go b/internal/common/scheme.go index 2472681dc..dd1fdac76 100644 --- a/internal/common/scheme.go +++ b/internal/common/scheme.go @@ -12,7 +12,6 @@ import ( kubevirtv1 "kubevirt.io/api/core/v1" instancetypev1alpha2 "kubevirt.io/api/instancetype/v1alpha2" instancetypev1beta1 "kubevirt.io/api/instancetype/v1beta1" - sspv1beta1 "kubevirt.io/ssp-operator/api/v1beta1" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" ) @@ -25,7 +24,6 @@ func init() { utilruntime.Must(clientgoscheme.AddToScheme(Scheme)) utilruntime.Must(extv1.AddToScheme(Scheme)) utilruntime.Must(internalmeta.AddToScheme(Scheme)) - utilruntime.Must(sspv1beta1.AddToScheme(Scheme)) utilruntime.Must(sspv1beta2.AddToScheme(Scheme)) utilruntime.Must(osconfv1.Install(Scheme)) utilruntime.Must(instancetypev1alpha2.AddToScheme(Scheme)) diff --git a/tests/tests_suite_test.go b/tests/tests_suite_test.go index 4fa830a38..d528f9b0a 100644 --- a/tests/tests_suite_test.go +++ b/tests/tests_suite_test.go @@ -41,7 +41,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/client/config" - sspv1beta1 "kubevirt.io/ssp-operator/api/v1beta1" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" "kubevirt.io/ssp-operator/internal/common" "kubevirt.io/ssp-operator/tests/env" @@ -420,7 +419,6 @@ func expectSuccessOrNotFound(err error) { } func setupApiClient() { - Expect(sspv1beta1.AddToScheme(testScheme)).ToNot(HaveOccurred()) Expect(sspv1beta2.AddToScheme(testScheme)).ToNot(HaveOccurred()) Expect(promv1.AddToScheme(testScheme)).ToNot(HaveOccurred()) Expect(templatev1.Install(testScheme)).ToNot(HaveOccurred()) diff --git a/tests/webhook_test.go b/tests/webhook_test.go index be7fd7b74..e160e29a8 100644 --- a/tests/webhook_test.go +++ b/tests/webhook_test.go @@ -10,7 +10,6 @@ import ( "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - sspv1beta1 "kubevirt.io/ssp-operator/api/v1beta1" "sigs.k8s.io/controller-runtime/pkg/client" "kubevirt.io/controller-lifecycle-operator-sdk/api" @@ -141,22 +140,6 @@ var _ = Describe("Validation webhook", func() { err := apiClient.Create(ctx, newSsp, client.DryRunAll) Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) }) - - It("[test_id:TODO] should accept v1beta1 SSP object", func() { - ssp := &sspv1beta1.SSP{ - ObjectMeta: metav1.ObjectMeta{ - Name: newSsp.GetName(), - Namespace: newSsp.GetNamespace(), - }, - Spec: sspv1beta1.SSPSpec{ - CommonTemplates: sspv1beta1.CommonTemplates{ - Namespace: newSsp.Spec.CommonTemplates.Namespace, - }, - }, - } - - Expect(apiClient.Create(ctx, ssp, client.DryRunAll)).To(Succeed()) - }) }) }) diff --git a/vendor/kubevirt.io/ssp-operator/api/v1beta1/groupversion_info.go b/vendor/kubevirt.io/ssp-operator/api/v1beta1/groupversion_info.go deleted file mode 100644 index 6a35a63df..000000000 --- a/vendor/kubevirt.io/ssp-operator/api/v1beta1/groupversion_info.go +++ /dev/null @@ -1,36 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1beta1 contains API Schema definitions for the ssp v1beta1 API group -// +kubebuilder:object:generate=true -// +groupName=ssp.kubevirt.io -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "ssp.kubevirt.io", Version: "v1beta1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/vendor/kubevirt.io/ssp-operator/api/v1beta1/ssp_types.go b/vendor/kubevirt.io/ssp-operator/api/v1beta1/ssp_types.go deleted file mode 100644 index 1f962e17d..000000000 --- a/vendor/kubevirt.io/ssp-operator/api/v1beta1/ssp_types.go +++ /dev/null @@ -1,171 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - ocpv1 "github.com/openshift/api/config/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - cdiv1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" - lifecycleapi "kubevirt.io/controller-lifecycle-operator-sdk/api" -) - -const ( - OperatorPausedAnnotation = "kubevirt.io/operator.paused" -) - -type TemplateValidator struct { - // Replicas is the number of replicas of the template validator pod - //+kubebuilder:validation:Minimum=0 - //+kubebuilder:default=2 - Replicas *int32 `json:"replicas,omitempty"` - - // Placement describes the node scheduling configuration - Placement *lifecycleapi.NodePlacement `json:"placement,omitempty"` -} - -type CommonTemplates struct { - // Namespace is the k8s namespace where CommonTemplates should be installed - //+kubebuilder:validation:MaxLength=63 - //+kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - Namespace string `json:"namespace"` - - // DataImportCronTemplates defines a list of DataImportCrons managed by the SSP - // Operator. This is intended for images used by CommonTemplates. - DataImportCronTemplates []DataImportCronTemplate `json:"dataImportCronTemplates,omitempty"` -} - -type NodeLabeller struct { - // Placement describes the node scheduling configuration - Placement *lifecycleapi.NodePlacement `json:"placement,omitempty"` -} - -type CommonInstancetypes struct { - // URL of a remote Kustomize target from which to generate and deploy resources. - // - // The following caveats apply to the provided URL: - // - // * Only 'https://' and 'git://' URLs are supported. - // - // * The URL must include '?ref=$ref' or '?version=$ref' pinning it to a specific - // reference. It is recommended that the reference be a specific commit or tag - // to ensure the generated contents does not change over time. As such it is - // recommended not to use branches as the ref for the time being. - // - // * Only VirtualMachineClusterPreference and VirtualMachineClusterInstancetype - // resources generated from the URL are deployed by the operand. - // - // See the following Kustomize documentation for more details: - // - // remote targets - // https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md - URL *string `json:"url,omitempty"` -} - -// SSPSpec defines the desired state of SSP -type SSPSpec struct { - // TemplateValidator is configuration of the template validator operand - TemplateValidator *TemplateValidator `json:"templateValidator,omitempty"` - - // CommonTemplates is the configuration of the common templates operand - CommonTemplates CommonTemplates `json:"commonTemplates"` - - // NodeLabeller is configuration of the node-labeller operand - NodeLabeller *NodeLabeller `json:"nodeLabeller,omitempty"` - - // TLSSecurityProfile is a configuration for the TLS. - TLSSecurityProfile *ocpv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` - - // CommonInstancetypes is the configuration of the common-instancetypes operand - CommonInstancetypes *CommonInstancetypes `json:"commonInstancetypes,omitempty"` - - // TektonPipelines is the configuration of the tekton-pipelines operand - TektonPipelines *TektonPipelines `json:"tektonPipelines,omitempty"` - - // TektonTasks is the configuration of the tekton-tasks operand - TektonTasks *TektonTasks `json:"tektonTasks,omitempty"` - - // FeatureGates is the configuration of the tekton operands - FeatureGates *FeatureGates `json:"featureGates,omitempty"` -} - -// TektonPipelines defines the desired state of pipelines -type TektonPipelines struct { - Namespace string `json:"namespace,omitempty"` -} - -// TektonTasks defines variables for configuration of tasks -type TektonTasks struct { - Namespace string `json:"namespace,omitempty"` -} - -// FeatureGates defines feature gate for tto operator -type FeatureGates struct { - DeployTektonTaskResources bool `json:"deployTektonTaskResources,omitempty"` -} - -// DataImportCronTemplate defines the template type for DataImportCrons. -// It requires metadata.name to be specified while leaving namespace as optional. -type DataImportCronTemplate struct { - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec cdiv1beta1.DataImportCronSpec `json:"spec"` -} - -// AsDataImportCron converts the DataImportCronTemplate to a cdiv1beta1.DataImportCron -func (t *DataImportCronTemplate) AsDataImportCron() cdiv1beta1.DataImportCron { - return cdiv1beta1.DataImportCron{ - ObjectMeta: t.ObjectMeta, - Spec: t.Spec, - } -} - -// SSPStatus defines the observed state of SSP -type SSPStatus struct { - lifecycleapi.Status `json:",inline"` - - // Paused is true when the operator notices paused annotation. - Paused bool `json:"paused,omitempty"` - - // ObservedGeneration is the latest generation observed by the operator. - ObservedGeneration int64 `json:"observedGeneration,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="ssp.kubevirt.io/v1beta1 ssp is deprecated" -// SSP is the Schema for the ssps API -// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase" -type SSP struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec SSPSpec `json:"spec,omitempty"` - Status SSPStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// SSPList contains a list of SSP -type SSPList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []SSP `json:"items"` -} - -func init() { - SchemeBuilder.Register(&SSP{}, &SSPList{}) -} diff --git a/vendor/kubevirt.io/ssp-operator/api/v1beta1/zz_generated.deepcopy.go b/vendor/kubevirt.io/ssp-operator/api/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 92c3e9d9c..000000000 --- a/vendor/kubevirt.io/ssp-operator/api/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,299 +0,0 @@ -//go:build !ignore_autogenerated - -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "github.com/openshift/api/config/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CommonInstancetypes) DeepCopyInto(out *CommonInstancetypes) { - *out = *in - if in.URL != nil { - in, out := &in.URL, &out.URL - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonInstancetypes. -func (in *CommonInstancetypes) DeepCopy() *CommonInstancetypes { - if in == nil { - return nil - } - out := new(CommonInstancetypes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CommonTemplates) DeepCopyInto(out *CommonTemplates) { - *out = *in - if in.DataImportCronTemplates != nil { - in, out := &in.DataImportCronTemplates, &out.DataImportCronTemplates - *out = make([]DataImportCronTemplate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonTemplates. -func (in *CommonTemplates) DeepCopy() *CommonTemplates { - if in == nil { - return nil - } - out := new(CommonTemplates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DataImportCronTemplate) DeepCopyInto(out *DataImportCronTemplate) { - *out = *in - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataImportCronTemplate. -func (in *DataImportCronTemplate) DeepCopy() *DataImportCronTemplate { - if in == nil { - return nil - } - out := new(DataImportCronTemplate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGates) DeepCopyInto(out *FeatureGates) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGates. -func (in *FeatureGates) DeepCopy() *FeatureGates { - if in == nil { - return nil - } - out := new(FeatureGates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeLabeller) DeepCopyInto(out *NodeLabeller) { - *out = *in - if in.Placement != nil { - in, out := &in.Placement, &out.Placement - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeLabeller. -func (in *NodeLabeller) DeepCopy() *NodeLabeller { - if in == nil { - return nil - } - out := new(NodeLabeller) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSP) DeepCopyInto(out *SSP) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSP. -func (in *SSP) DeepCopy() *SSP { - if in == nil { - return nil - } - out := new(SSP) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SSP) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSPList) DeepCopyInto(out *SSPList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]SSP, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPList. -func (in *SSPList) DeepCopy() *SSPList { - if in == nil { - return nil - } - out := new(SSPList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SSPList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSPSpec) DeepCopyInto(out *SSPSpec) { - *out = *in - if in.TemplateValidator != nil { - in, out := &in.TemplateValidator, &out.TemplateValidator - *out = new(TemplateValidator) - (*in).DeepCopyInto(*out) - } - in.CommonTemplates.DeepCopyInto(&out.CommonTemplates) - if in.NodeLabeller != nil { - in, out := &in.NodeLabeller, &out.NodeLabeller - *out = new(NodeLabeller) - (*in).DeepCopyInto(*out) - } - if in.TLSSecurityProfile != nil { - in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile - *out = new(v1.TLSSecurityProfile) - (*in).DeepCopyInto(*out) - } - if in.CommonInstancetypes != nil { - in, out := &in.CommonInstancetypes, &out.CommonInstancetypes - *out = new(CommonInstancetypes) - (*in).DeepCopyInto(*out) - } - if in.TektonPipelines != nil { - in, out := &in.TektonPipelines, &out.TektonPipelines - *out = new(TektonPipelines) - **out = **in - } - if in.TektonTasks != nil { - in, out := &in.TektonTasks, &out.TektonTasks - *out = new(TektonTasks) - **out = **in - } - if in.FeatureGates != nil { - in, out := &in.FeatureGates, &out.FeatureGates - *out = new(FeatureGates) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPSpec. -func (in *SSPSpec) DeepCopy() *SSPSpec { - if in == nil { - return nil - } - out := new(SSPSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSPStatus) DeepCopyInto(out *SSPStatus) { - *out = *in - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPStatus. -func (in *SSPStatus) DeepCopy() *SSPStatus { - if in == nil { - return nil - } - out := new(SSPStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TektonPipelines) DeepCopyInto(out *TektonPipelines) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TektonPipelines. -func (in *TektonPipelines) DeepCopy() *TektonPipelines { - if in == nil { - return nil - } - out := new(TektonPipelines) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TektonTasks) DeepCopyInto(out *TektonTasks) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TektonTasks. -func (in *TektonTasks) DeepCopy() *TektonTasks { - if in == nil { - return nil - } - out := new(TektonTasks) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateValidator) DeepCopyInto(out *TemplateValidator) { - *out = *in - if in.Replicas != nil { - in, out := &in.Replicas, &out.Replicas - *out = new(int32) - **out = **in - } - if in.Placement != nil { - in, out := &in.Placement, &out.Placement - *out = (*in).DeepCopy() - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateValidator. -func (in *TemplateValidator) DeepCopy() *TemplateValidator { - if in == nil { - return nil - } - out := new(TemplateValidator) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 82153fbee..957be9162 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -885,7 +885,6 @@ kubevirt.io/qe-tools/pkg/ginkgo-reporters kubevirt.io/qe-tools/pkg/polarion-xml # kubevirt.io/ssp-operator/api v0.0.0 => ./api ## explicit; go 1.22.4 -kubevirt.io/ssp-operator/api/v1beta1 kubevirt.io/ssp-operator/api/v1beta2 # sigs.k8s.io/controller-runtime v0.18.5 ## explicit; go 1.22.0 diff --git a/webhooks/ssp_webhook.go b/webhooks/ssp_webhook.go index ca8a6975c..fbeecb3fa 100644 --- a/webhooks/ssp_webhook.go +++ b/webhooks/ssp_webhook.go @@ -23,7 +23,6 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/utils/ptr" "kubevirt.io/controller-lifecycle-operator-sdk/api" @@ -32,28 +31,20 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - sspv1beta1 "kubevirt.io/ssp-operator/api/v1beta1" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" ) +// +kubebuilder:webhook:verbs=create;update,path=/validate-ssp-kubevirt-io-v1beta2-ssp,mutating=false,failurePolicy=fail,groups=ssp.kubevirt.io,resources=ssps,versions=v1beta2,name=validation.ssp.kubevirt.io,admissionReviewVersions=v1,sideEffects=None + var ssplog = logf.Log.WithName("ssp-resource") func Setup(mgr ctrl.Manager) error { - // This is a hack. Using Unstructured allows the webhook to correctly decode different versions of objects. - // Controller-runtime currently does not support a single webhook for multiple versions. - - obj := &unstructured.Unstructured{} - obj.SetAPIVersion(sspv1beta2.GroupVersion.String()) - obj.SetKind("SSP") - return ctrl.NewWebhookManagedBy(mgr). - For(obj). + For(&sspv1beta2.SSP{}). WithValidator(newSspValidator(mgr.GetClient())). Complete() } -// +kubebuilder:webhook:verbs=create;update,path=/validate-ssp-kubevirt-io-v1beta2-ssp,mutating=false,failurePolicy=fail,groups=ssp.kubevirt.io,resources=ssps,versions=v1beta1;v1beta2,name=validation.ssp.kubevirt.io,admissionReviewVersions=v1,sideEffects=None - type sspValidator struct { apiClient client.Client } @@ -61,16 +52,16 @@ type sspValidator struct { var _ admission.CustomValidator = &sspValidator{} func (s *sspValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - sspObj, err := getSspWithConversion(obj) - if err != nil { - return nil, err + sspObj, ok := obj.(*sspv1beta2.SSP) + if !ok { + return nil, fmt.Errorf("expected v1beta2.SSP object, got %T", obj) } var ssps sspv1beta2.SSPList // Check if no other SSP resources are present in the cluster ssplog.Info("validate create", "name", sspObj.Name) - err = s.apiClient.List(ctx, &ssps, &client.ListOptions{}) + err := s.apiClient.List(ctx, &ssps, &client.ListOptions{}) if err != nil { return nil, fmt.Errorf("could not list SSPs for validation, please try again: %v", err) } @@ -82,9 +73,9 @@ func (s *sspValidator) ValidateCreate(ctx context.Context, obj runtime.Object) ( } func (s *sspValidator) ValidateUpdate(ctx context.Context, _, newObj runtime.Object) (admission.Warnings, error) { - newSsp, err := getSspWithConversion(newObj) - if err != nil { - return nil, err + newSsp, ok := newObj.(*sspv1beta2.SSP) + if !ok { + return nil, fmt.Errorf("expected v1beta2.SSP object, got %T", newObj) } ssplog.Info("validate update", "name", newSsp.Name) @@ -166,37 +157,6 @@ func (s *sspValidator) validateOperandPlacement(ctx context.Context, namespace s return s.apiClient.Create(ctx, deployment, &client.CreateOptions{DryRun: []string{metav1.DryRunAll}}) } -func getSspWithConversion(obj runtime.Object) (*sspv1beta2.SSP, error) { - unstructuredSsp, ok := obj.(*unstructured.Unstructured) - if !ok { - return nil, fmt.Errorf("expected unstructured object, got %T", obj) - } - - if unstructuredSsp.GetKind() != "SSP" { - return nil, fmt.Errorf("expected SSP kind, got %s", unstructuredSsp.GetKind()) - } - - switch unstructuredSsp.GetAPIVersion() { - case sspv1beta1.GroupVersion.String(): - // Currently the two versions differ only in one removed field. - // We can decode the v1beta1 object into v1beta2. - // TODO: Use proper conversion logic. - unstructuredSsp.SetAPIVersion(sspv1beta2.GroupVersion.String()) - - case sspv1beta2.GroupVersion.String(): - break - default: - return nil, fmt.Errorf("unexpected group version %s", unstructuredSsp.GetAPIVersion()) - } - - ssp := &sspv1beta2.SSP{} - err := runtime.DefaultUnstructuredConverter.FromUnstructured(unstructuredSsp.UnstructuredContent(), ssp) - if err != nil { - return nil, fmt.Errorf("error converting unstructured object to SSP: %w", err) - } - return ssp, nil -} - // TODO: also validate DataImportCronTemplates in general once CDI exposes its own validation func validateDataImportCronTemplates(ssp *sspv1beta2.SSP) error { for _, cron := range ssp.Spec.CommonTemplates.DataImportCronTemplates { diff --git a/webhooks/ssp_webhook_test.go b/webhooks/ssp_webhook_test.go index 5d40620da..84dfe3374 100644 --- a/webhooks/ssp_webhook_test.go +++ b/webhooks/ssp_webhook_test.go @@ -18,7 +18,6 @@ package webhooks import ( "context" - "fmt" "testing" . "github.com/onsi/ginkgo/v2" @@ -26,14 +25,11 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - sspv1beta1 "kubevirt.io/ssp-operator/api/v1beta1" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" "kubevirt.io/ssp-operator/internal" ) @@ -51,7 +47,6 @@ var _ = Describe("SSP Validation", func() { scheme := runtime.NewScheme() // add our own scheme Expect(sspv1beta2.SchemeBuilder.AddToScheme(scheme)).To(Succeed()) - Expect(sspv1beta1.SchemeBuilder.AddToScheme(scheme)).To(Succeed()) // add more schemes Expect(v1.AddToScheme(scheme)).To(Succeed()) @@ -109,44 +104,11 @@ var _ = Describe("SSP Validation", func() { }, } - _, err := validator.ValidateCreate(ctx, toUnstructured(ssp)) + _, err := validator.ValidateCreate(ctx, ssp) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("creation failed, an SSP CR already exists in namespace test-ns: test-ssp")) }) }) - - It("should accept old v1beta1 SSP CR", func() { - ssp := &sspv1beta1.SSP{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-ssp", - Namespace: "test-ns", - }, - Spec: sspv1beta1.SSPSpec{ - TemplateValidator: &sspv1beta1.TemplateValidator{ - Replicas: ptr.To[int32](2), - }, - CommonTemplates: sspv1beta1.CommonTemplates{ - Namespace: templatesNamespace, - }, - NodeLabeller: &sspv1beta1.NodeLabeller{}, - CommonInstancetypes: &sspv1beta1.CommonInstancetypes{ - URL: ptr.To("https://foo.com/bar?ref=1234"), - }, - TektonPipelines: &sspv1beta1.TektonPipelines{ - Namespace: "test-pipelines-ns", - }, - TektonTasks: &sspv1beta1.TektonTasks{ - Namespace: "test-tasks-ns", - }, - FeatureGates: &sspv1beta1.FeatureGates{ - DeployTektonTaskResources: true, - }, - }, - } - - _, err := validator.ValidateCreate(ctx, toUnstructured(ssp)) - Expect(err).ToNot(HaveOccurred()) - }) }) Context("DataImportCronTemplates", func() { @@ -194,45 +156,28 @@ var _ = Describe("SSP Validation", func() { }) It("should validate dataImportCronTemplates on create", func() { - _, err := validator.ValidateCreate(ctx, toUnstructured(newSSP)) + _, err := validator.ValidateCreate(ctx, newSSP) Expect(err).To(HaveOccurred()) newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" - _, err = validator.ValidateCreate(ctx, toUnstructured(newSSP)) + _, err = validator.ValidateCreate(ctx, newSSP) Expect(err).ToNot(HaveOccurred()) }) It("should validate dataImportCronTemplates on update", func() { - _, err := validator.ValidateUpdate(ctx, toUnstructured(oldSSP), toUnstructured(newSSP)) + _, err := validator.ValidateUpdate(ctx, oldSSP, newSSP) Expect(err).To(HaveOccurred()) newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" - _, err = validator.ValidateUpdate(ctx, toUnstructured(oldSSP), toUnstructured(newSSP)) + _, err = validator.ValidateUpdate(ctx, oldSSP, newSSP) Expect(err).ToNot(HaveOccurred()) }) }) }) -func toUnstructured(obj runtime.Object) *unstructured.Unstructured { - switch t := obj.(type) { - case *sspv1beta1.SSP: - t.APIVersion = sspv1beta1.GroupVersion.String() - t.Kind = "SSP" - case *sspv1beta2.SSP: - t.APIVersion = sspv1beta2.GroupVersion.String() - t.Kind = "SSP" - } - - data, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) - if err != nil { - panic(fmt.Sprintf("cannot convert object to unstructured: %s", err)) - } - return &unstructured.Unstructured{Object: data} -} - func TestWebhook(t *testing.T) { RegisterFailHandler(Fail) RunSpecs(t, "API Suite") From 501bb28c832b8e05c21d45e3fd56374836ed4a7b Mon Sep 17 00:00:00 2001 From: Andrej Krejcir Date: Mon, 11 Nov 2024 13:49:38 +0100 Subject: [PATCH 2/4] tests: webhook: add placement test, cleanup test code - Added unit tests for template validator placement check in webhook. - Improved webhook unit test code to make it simpler to read and extend. - Improved webhook functional test code. Signed-off-by: Andrej Krejcir --- tests/webhook_test.go | 7 +- webhooks/ssp_webhook_test.go | 203 ++++++++++++++++++++++------------- 2 files changed, 129 insertions(+), 81 deletions(-) diff --git a/tests/webhook_test.go b/tests/webhook_test.go index e160e29a8..a9db5be6a 100644 --- a/tests/webhook_test.go +++ b/tests/webhook_test.go @@ -1,7 +1,6 @@ package tests import ( - "fmt" "time" . "github.com/onsi/ginkgo/v2" @@ -78,11 +77,7 @@ var _ = Describe("Validation webhook", func() { } err := apiClient.Create(ctx, ssp2, client.DryRunAll) - if err == nil { - Fail("Second SSP resource created.") - return - } - Expect(err.Error()).To(ContainSubstring(fmt.Sprintf( + Expect(err).To(MatchError(ContainSubstring( "creation failed, an SSP CR already exists in namespace %v: %v", foundSsp.Namespace, foundSsp.Name, diff --git a/webhooks/ssp_webhook_test.go b/webhooks/ssp_webhook_test.go index 84dfe3374..5481b90b0 100644 --- a/webhooks/ssp_webhook_test.go +++ b/webhooks/ssp_webhook_test.go @@ -23,112 +23,81 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/ptr" + "kubevirt.io/controller-lifecycle-operator-sdk/api" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" + "sigs.k8s.io/controller-runtime/pkg/client/interceptor" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" "kubevirt.io/ssp-operator/internal" + "kubevirt.io/ssp-operator/internal/common" ) var _ = Describe("SSP Validation", func() { + var ( - client client.Client - objects = make([]runtime.Object, 0) + apiClient client.Client + createIntercept func(ctx context.Context, client client.WithWatch, obj client.Object, opts ...client.CreateOption) error validator admission.CustomValidator ctx context.Context ) - JustBeforeEach(func() { - scheme := runtime.NewScheme() - // add our own scheme - Expect(sspv1beta2.SchemeBuilder.AddToScheme(scheme)).To(Succeed()) - // add more schemes - Expect(v1.AddToScheme(scheme)).To(Succeed()) + BeforeEach(func() { + createIntercept = func(ctx context.Context, client client.WithWatch, obj client.Object, opts ...client.CreateOption) error { + return client.Create(ctx, obj, opts...) + } - client = fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(objects...).Build() + apiClient = fake.NewClientBuilder(). + WithScheme(common.Scheme). + WithInterceptorFuncs(interceptor.Funcs{ + Create: func(ctx context.Context, client client.WithWatch, obj client.Object, opts ...client.CreateOption) error { + return createIntercept(ctx, client, obj, opts...) + }, + }). + Build() - validator = newSspValidator(client) - ctx = context.Background() + validator = newSspValidator(apiClient) }) Context("creating SSP CR", func() { - const ( - templatesNamespace = "test-templates-ns" - ) - BeforeEach(func() { - objects = append(objects, &v1.Namespace{ + err := apiClient.Create(ctx, &sspv1beta2.SSP{ ObjectMeta: metav1.ObjectMeta{ - Name: templatesNamespace, - ResourceVersion: "1", + Name: "test-ssp", + Namespace: "test-ns", }, + Spec: sspv1beta2.SSPSpec{}, }) + Expect(err).ToNot(HaveOccurred()) }) - AfterEach(func() { - objects = make([]runtime.Object, 0) - }) - - Context("when one is already present", func() { - BeforeEach(func() { - // add an SSP CR to fake client - objects = append(objects, &sspv1beta2.SSP{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-ssp", - Namespace: "test-ns", - ResourceVersion: "1", - }, - Spec: sspv1beta2.SSPSpec{ - CommonTemplates: sspv1beta2.CommonTemplates{ - Namespace: templatesNamespace, - }, - }, - }) - }) - - It("should be rejected", func() { - ssp := &sspv1beta2.SSP{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-ssp2", - Namespace: "test-ns2", - }, - Spec: sspv1beta2.SSPSpec{ - CommonTemplates: sspv1beta2.CommonTemplates{ - Namespace: templatesNamespace, - }, - }, - } + It("should reject SSP when one is already present", func() { + ssp := &sspv1beta2.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp2", + Namespace: "test-ns2", + }, + Spec: sspv1beta2.SSPSpec{}, + } - _, err := validator.ValidateCreate(ctx, ssp) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("creation failed, an SSP CR already exists in namespace test-ns: test-ssp")) - }) + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).To(MatchError(ContainSubstring("creation failed, an SSP CR already exists in namespace test-ns: test-ssp"))) }) }) Context("DataImportCronTemplates", func() { - const ( - templatesNamespace = "test-templates-ns" - ) - var ( oldSSP *sspv1beta2.SSP newSSP *sspv1beta2.SSP ) BeforeEach(func() { - objects = append(objects, &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: templatesNamespace, - ResourceVersion: "1", - }, - }) - oldSSP = &sspv1beta2.SSP{ ObjectMeta: metav1.ObjectMeta{ Name: "test-ssp", @@ -136,7 +105,7 @@ var _ = Describe("SSP Validation", func() { }, Spec: sspv1beta2.SSPSpec{ CommonTemplates: sspv1beta2.CommonTemplates{ - Namespace: templatesNamespace, + Namespace: "test-templates-ns", DataImportCronTemplates: []sspv1beta2.DataImportCronTemplate{ { ObjectMeta: metav1.ObjectMeta{ @@ -151,13 +120,9 @@ var _ = Describe("SSP Validation", func() { newSSP = oldSSP.DeepCopy() }) - AfterEach(func() { - objects = make([]runtime.Object, 0) - }) - It("should validate dataImportCronTemplates on create", func() { _, err := validator.ValidateCreate(ctx, newSSP) - Expect(err).To(HaveOccurred()) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" @@ -167,7 +132,7 @@ var _ = Describe("SSP Validation", func() { It("should validate dataImportCronTemplates on update", func() { _, err := validator.ValidateUpdate(ctx, oldSSP, newSSP) - Expect(err).To(HaveOccurred()) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" @@ -176,9 +141,97 @@ var _ = Describe("SSP Validation", func() { }) }) + Context("validate placement", func() { + It("should not call create API, if placement is nil", func() { + createIntercept = func(_ context.Context, _ client.WithWatch, _ client.Object, _ ...client.CreateOption) error { + Fail("Called create API") + return nil + } + + ssp := &sspv1beta2.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", + }, + Spec: sspv1beta2.SSPSpec{ + TemplateValidator: &sspv1beta2.TemplateValidator{ + Replicas: ptr.To(int32(2)), + Placement: nil, + }, + }, + } + + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).ToNot(HaveOccurred()) + }) + + It("should call create API dry run", func() { + placement := &api.NodePlacement{ + NodeSelector: map[string]string{ + "test-label": "test-value", + }, + Affinity: &v1.Affinity{ + PodAffinity: &v1.PodAffinity{ + RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{{ + LabelSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "foo": "bar", + }, + }, + }}, + }, + }, + Tolerations: []v1.Toleration{{ + Key: "key", + Value: "value", + }}, + } + + var createWasCalled bool + createIntercept = func(ctx context.Context, cli client.WithWatch, obj client.Object, opts ...client.CreateOption) error { + deployment, ok := obj.(*apps.Deployment) + if !ok { + Fail("Expected created object to be Deployment.") + } + + createOptions := &client.CreateOptions{} + for _, opt := range opts { + opt.ApplyToCreate(createOptions) + } + + if len(createOptions.DryRun) != 1 || createOptions.DryRun[0] != metav1.DryRunAll { + Fail("Create call should be dry run.") + } + + Expect(deployment.Spec.Template.Spec.NodeSelector).To(Equal(placement.NodeSelector)) + Expect(deployment.Spec.Template.Spec.Affinity).To(Equal(placement.Affinity)) + Expect(deployment.Spec.Template.Spec.Tolerations).To(Equal(placement.Tolerations)) + createWasCalled = true + return nil + } + + ssp := &sspv1beta2.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", + }, + Spec: sspv1beta2.SSPSpec{ + TemplateValidator: &sspv1beta2.TemplateValidator{ + Replicas: ptr.To(int32(2)), + Placement: placement, + }, + }, + } + + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).ToNot(HaveOccurred()) + + Expect(createWasCalled).To(BeTrue()) + }) + }) }) func TestWebhook(t *testing.T) { RegisterFailHandler(Fail) - RunSpecs(t, "API Suite") + RunSpecs(t, "Webhook Suite") } From 32a54f297f8299f917a3f1eacf686675448c6b23 Mon Sep 17 00:00:00 2001 From: Andrej Krejcir Date: Fri, 1 Nov 2024 13:56:45 +0100 Subject: [PATCH 3/4] api: Update SSP API version to v1beta3 The new API version removes feature gates and unused parameters. It is directly compatible with the old version, so a conversion webhook is not needed. The stored version is still set to v1beta2, and ssp-operator watches this old version. In a next release we may switch to using the v1beta3 as stored version. Signed-off-by: Andrej Krejcir --- PROJECT | 14 + api/v1beta3/groupversion_info.go | 36 + api/v1beta3/ssp_types.go | 121 + api/v1beta3/zz_generated.deepcopy.go | 210 ++ config/crd/bases/ssp.kubevirt.io_ssps.yaml | 2211 +++++++++++++++++ config/samples/kustomization.yaml | 1 + config/samples/ssp_v1beta3_ssp.yaml | 10 + config/webhook/manifests.yaml | 22 +- data/crd/ssp.kubevirt.io_ssps.yaml | 2211 +++++++++++++++++ .../ssp-operator.clusterserviceversion.yaml | 42 +- hack/csv-generator.go | 4 +- internal/common/scheme.go | 3 + tests/tests_suite_test.go | 9 + tests/webhook_test.go | 108 +- .../api/v1beta3/groupversion_info.go | 36 + .../ssp-operator/api/v1beta3/ssp_types.go | 121 + .../api/v1beta3/zz_generated.deepcopy.go | 210 ++ vendor/modules.txt | 1 + webhooks/convert/convert.go | 70 + webhooks/ssp_webhook.go | 45 +- webhooks/ssp_webhook_test.go | 365 ++- 21 files changed, 5716 insertions(+), 134 deletions(-) create mode 100644 api/v1beta3/groupversion_info.go create mode 100644 api/v1beta3/ssp_types.go create mode 100644 api/v1beta3/zz_generated.deepcopy.go create mode 100644 config/samples/ssp_v1beta3_ssp.yaml create mode 100644 vendor/kubevirt.io/ssp-operator/api/v1beta3/groupversion_info.go create mode 100644 vendor/kubevirt.io/ssp-operator/api/v1beta3/ssp_types.go create mode 100644 vendor/kubevirt.io/ssp-operator/api/v1beta3/zz_generated.deepcopy.go create mode 100644 webhooks/convert/convert.go diff --git a/PROJECT b/PROJECT index 2c41f4bfa..2251fee9d 100644 --- a/PROJECT +++ b/PROJECT @@ -3,6 +3,20 @@ layout: go.kubebuilder.io/v3 projectName: ssp-operator repo: kubevirt.io/ssp-operator resources: +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: kubevirt.io + group: ssp + kind: SSP + path: kubevirt.io/ssp-operator/api/v1beta3 + version: v1beta3 + webhooks: + # conversion: true + # defaulting: true + validation: true + webhookVersion: v1 - api: crdVersion: v1 namespaced: true diff --git a/api/v1beta3/groupversion_info.go b/api/v1beta3/groupversion_info.go new file mode 100644 index 000000000..131ba91cd --- /dev/null +++ b/api/v1beta3/groupversion_info.go @@ -0,0 +1,36 @@ +/* + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta3 contains API Schema definitions for the ssp v1beta3 API group +// +kubebuilder:object:generate=true +// +groupName=ssp.kubevirt.io +package v1beta3 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "ssp.kubevirt.io", Version: "v1beta3"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/api/v1beta3/ssp_types.go b/api/v1beta3/ssp_types.go new file mode 100644 index 000000000..c2af6b9bb --- /dev/null +++ b/api/v1beta3/ssp_types.go @@ -0,0 +1,121 @@ +/* + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta3 + +import ( + ocpv1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + cdiv1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" + lifecycleapi "kubevirt.io/controller-lifecycle-operator-sdk/api" +) + +const ( + OperatorPausedAnnotation = "kubevirt.io/operator.paused" +) + +type TemplateValidator struct { + // Replicas is the number of replicas of the template validator pod + //+kubebuilder:validation:Minimum=0 + //+kubebuilder:default=2 + Replicas *int32 `json:"replicas,omitempty"` + + // Placement describes the node scheduling configuration + Placement *lifecycleapi.NodePlacement `json:"placement,omitempty"` +} + +type CommonTemplates struct { + // Namespace is the k8s namespace where CommonTemplates should be installed + //+kubebuilder:validation:MaxLength=63 + //+kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + Namespace string `json:"namespace"` + + // DataImportCronTemplates defines a list of DataImportCrons managed by the SSP Operator. + DataImportCronTemplates []DataImportCronTemplate `json:"dataImportCronTemplates,omitempty"` +} + +// SSPSpec defines the desired state of SSP +type SSPSpec struct { + // TemplateValidator is configuration of the template validator operand + TemplateValidator *TemplateValidator `json:"templateValidator,omitempty"` + + // CommonTemplates is the configuration of the common templates operand + CommonTemplates CommonTemplates `json:"commonTemplates"` + + // TLSSecurityProfile is a configuration for the TLS. + TLSSecurityProfile *ocpv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + + // TokenGenerationService configures the service for generating tokens to access VNC for a VM. + TokenGenerationService *TokenGenerationService `json:"tokenGenerationService,omitempty"` +} + +// DataImportCronTemplate defines the template type for DataImportCrons. +// It requires metadata.name to be specified while leaving namespace as optional. +type DataImportCronTemplate struct { + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec cdiv1beta1.DataImportCronSpec `json:"spec"` +} + +// AsDataImportCron converts the DataImportCronTemplate to a cdiv1beta1.DataImportCron +func (t *DataImportCronTemplate) AsDataImportCron() cdiv1beta1.DataImportCron { + return cdiv1beta1.DataImportCron{ + ObjectMeta: t.ObjectMeta, + Spec: t.Spec, + } +} + +// TokenGenerationService configures the service for generating tokens to access VNC for a VM. +type TokenGenerationService struct { + Enabled bool `json:"enabled,omitempty"` +} + +// SSPStatus defines the observed state of SSP +type SSPStatus struct { + lifecycleapi.Status `json:",inline"` + + // Paused is true when the operator notices paused annotation. + Paused bool `json:"paused,omitempty"` + + // ObservedGeneration is the latest generation observed by the operator. + ObservedGeneration int64 `json:"observedGeneration,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase" + +// SSP is the Schema for the ssps API +type SSP struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec SSPSpec `json:"spec,omitempty"` + Status SSPStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// SSPList contains a list of SSP +type SSPList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []SSP `json:"items"` +} + +func init() { + SchemeBuilder.Register(&SSP{}, &SSPList{}) +} diff --git a/api/v1beta3/zz_generated.deepcopy.go b/api/v1beta3/zz_generated.deepcopy.go new file mode 100644 index 000000000..b572d7c1f --- /dev/null +++ b/api/v1beta3/zz_generated.deepcopy.go @@ -0,0 +1,210 @@ +//go:build !ignore_autogenerated + +/* + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta3 + +import ( + "github.com/openshift/api/config/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonTemplates) DeepCopyInto(out *CommonTemplates) { + *out = *in + if in.DataImportCronTemplates != nil { + in, out := &in.DataImportCronTemplates, &out.DataImportCronTemplates + *out = make([]DataImportCronTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonTemplates. +func (in *CommonTemplates) DeepCopy() *CommonTemplates { + if in == nil { + return nil + } + out := new(CommonTemplates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataImportCronTemplate) DeepCopyInto(out *DataImportCronTemplate) { + *out = *in + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataImportCronTemplate. +func (in *DataImportCronTemplate) DeepCopy() *DataImportCronTemplate { + if in == nil { + return nil + } + out := new(DataImportCronTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSP) DeepCopyInto(out *SSP) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSP. +func (in *SSP) DeepCopy() *SSP { + if in == nil { + return nil + } + out := new(SSP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SSP) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSPList) DeepCopyInto(out *SSPList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SSP, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPList. +func (in *SSPList) DeepCopy() *SSPList { + if in == nil { + return nil + } + out := new(SSPList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SSPList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSPSpec) DeepCopyInto(out *SSPSpec) { + *out = *in + if in.TemplateValidator != nil { + in, out := &in.TemplateValidator, &out.TemplateValidator + *out = new(TemplateValidator) + (*in).DeepCopyInto(*out) + } + in.CommonTemplates.DeepCopyInto(&out.CommonTemplates) + if in.TLSSecurityProfile != nil { + in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile + *out = new(v1.TLSSecurityProfile) + (*in).DeepCopyInto(*out) + } + if in.TokenGenerationService != nil { + in, out := &in.TokenGenerationService, &out.TokenGenerationService + *out = new(TokenGenerationService) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPSpec. +func (in *SSPSpec) DeepCopy() *SSPSpec { + if in == nil { + return nil + } + out := new(SSPSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSPStatus) DeepCopyInto(out *SSPStatus) { + *out = *in + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPStatus. +func (in *SSPStatus) DeepCopy() *SSPStatus { + if in == nil { + return nil + } + out := new(SSPStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateValidator) DeepCopyInto(out *TemplateValidator) { + *out = *in + if in.Replicas != nil { + in, out := &in.Replicas, &out.Replicas + *out = new(int32) + **out = **in + } + if in.Placement != nil { + in, out := &in.Placement, &out.Placement + *out = (*in).DeepCopy() + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateValidator. +func (in *TemplateValidator) DeepCopy() *TemplateValidator { + if in == nil { + return nil + } + out := new(TemplateValidator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenGenerationService) DeepCopyInto(out *TokenGenerationService) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenGenerationService. +func (in *TokenGenerationService) DeepCopy() *TokenGenerationService { + if in == nil { + return nil + } + out := new(TokenGenerationService) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/ssp.kubevirt.io_ssps.yaml b/config/crd/bases/ssp.kubevirt.io_ssps.yaml index f4cfe1d83..3295aec69 100644 --- a/config/crd/bases/ssp.kubevirt.io_ssps.yaml +++ b/config/crd/bases/ssp.kubevirt.io_ssps.yaml @@ -2288,3 +2288,2214 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1beta3 + schema: + openAPIV3Schema: + description: SSP is the Schema for the ssps API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SSPSpec defines the desired state of SSP + properties: + commonTemplates: + description: CommonTemplates is the configuration of the common templates + operand + properties: + dataImportCronTemplates: + description: DataImportCronTemplates defines a list of DataImportCrons + managed by the SSP Operator. + items: + description: |- + DataImportCronTemplate defines the template type for DataImportCrons. + It requires metadata.name to be specified while leaving namespace as optional. + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: DataImportCronSpec defines specification for + DataImportCron + properties: + garbageCollect: + description: |- + GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported. + Options are currently "Outdated" and "Never", defaults to "Outdated". + type: string + importsToKeep: + description: Number of import PVCs to keep when garbage + collecting. Default is 3. + format: int32 + type: integer + managedDataSource: + description: |- + ManagedDataSource specifies the name of the corresponding DataSource this cron will manage. + DataSource has to be in the same namespace. + type: string + retentionPolicy: + description: RetentionPolicy specifies whether the created + DataVolumes and DataSources are retained when their + DataImportCron is deleted. Default is RatainAll. + type: string + schedule: + description: Schedule specifies in cron format when + and how often to look for new imports + type: string + template: + description: Template specifies template for the DVs + to be created + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: DataVolumeSpec defines the DataVolume + type specification + properties: + checkpoints: + description: Checkpoints is a list of DataVolumeCheckpoints, + representing stages in a multistage import. + items: + description: DataVolumeCheckpoint defines + a stage in a warm migration. + properties: + current: + description: Current is the identifier + of the snapshot created for this checkpoint. + type: string + previous: + description: Previous is the identifier + of the snapshot from the previous checkpoint. + type: string + required: + - current + - previous + type: object + type: array + contentType: + description: 'DataVolumeContentType options: + "kubevirt", "archive"' + enum: + - kubevirt + - archive + type: string + finalCheckpoint: + description: FinalCheckpoint indicates whether + the current DataVolumeCheckpoint is the final + checkpoint. + type: boolean + preallocation: + description: Preallocation controls whether + storage for DataVolumes should be allocated + in advance. + type: boolean + priorityClassName: + description: PriorityClassName for Importer, + Cloner and Uploader pod + type: string + pvc: + description: PVC is the PVC specification + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + source: + description: Source is the src of the data for + the requested DataVolume + properties: + blank: + description: DataVolumeBlankImage provides + the parameters to create a new raw blank + image for the PVC + type: object + gcs: + description: DataVolumeSourceGCS provides + the parameters to create a Data Volume + from an GCS source + properties: + secretRef: + description: SecretRef provides the + secret reference needed to access + the GCS source + type: string + url: + description: URL is the url of the GCS + source + type: string + required: + - url + type: object + http: + description: DataVolumeSourceHTTP can be + either an http or https endpoint, with + an optional basic auth user name and password, + and an optional configmap containing additional + CAs + properties: + certConfigMap: + description: CertConfigMap is a configmap + reference, containing a Certificate + Authority(CA) public key, and a base64 + encoded pem certificate + type: string + extraHeaders: + description: ExtraHeaders is a list + of strings containing extra headers + to include with HTTP transfer requests + items: + type: string + type: array + secretExtraHeaders: + description: SecretExtraHeaders is a + list of Secret references, each containing + an extra HTTP header that may include + sensitive information + items: + type: string + type: array + secretRef: + description: SecretRef A Secret reference, + the secret should contain accessKeyId + (user name) base64 encoded, and secretKey + (password) also base64 encoded + type: string + url: + description: URL is the URL of the http(s) + endpoint + type: string + required: + - url + type: object + imageio: + description: DataVolumeSourceImageIO provides + the parameters to create a Data Volume + from an imageio source + properties: + certConfigMap: + description: CertConfigMap provides + a reference to the CA cert + type: string + diskId: + description: DiskID provides id of a + disk to be imported + type: string + secretRef: + description: SecretRef provides the + secret reference needed to access + the ovirt-engine + type: string + url: + description: URL is the URL of the ovirt-engine + type: string + required: + - diskId + - url + type: object + pvc: + description: DataVolumeSourcePVC provides + the parameters to create a Data Volume + from an existing PVC + properties: + name: + description: The name of the source + PVC + type: string + namespace: + description: The namespace of the source + PVC + type: string + required: + - name + - namespace + type: object + registry: + description: DataVolumeSourceRegistry provides + the parameters to create a Data Volume + from an registry source + properties: + certConfigMap: + description: CertConfigMap provides + a reference to the Registry certs + type: string + imageStream: + description: ImageStream is the name + of image stream for import + type: string + pullMethod: + description: PullMethod can be either + "pod" (default import), or "node" + (node docker cache based import) + type: string + secretRef: + description: SecretRef provides the + secret reference needed to access + the Registry source + type: string + url: + description: 'URL is the url of the + registry source (starting with the + scheme: docker, oci-archive)' + type: string + type: object + s3: + description: DataVolumeSourceS3 provides + the parameters to create a Data Volume + from an S3 source + properties: + certConfigMap: + description: CertConfigMap is a configmap + reference, containing a Certificate + Authority(CA) public key, and a base64 + encoded pem certificate + type: string + secretRef: + description: SecretRef provides the + secret reference needed to access + the S3 source + type: string + url: + description: URL is the url of the S3 + source + type: string + required: + - url + type: object + snapshot: + description: DataVolumeSourceSnapshot provides + the parameters to create a Data Volume + from an existing VolumeSnapshot + properties: + name: + description: The name of the source + VolumeSnapshot + type: string + namespace: + description: The namespace of the source + VolumeSnapshot + type: string + required: + - name + - namespace + type: object + upload: + description: DataVolumeSourceUpload provides + the parameters to create a Data Volume + by uploading the source + type: object + vddk: + description: DataVolumeSourceVDDK provides + the parameters to create a Data Volume + from a Vmware source + properties: + backingFile: + description: BackingFile is the path + to the virtual hard disk to migrate + from vCenter/ESXi + type: string + initImageURL: + description: InitImageURL is an optional + URL to an image containing an extracted + VDDK library, overrides v2v-vmware + config map + type: string + secretRef: + description: SecretRef provides a reference + to a secret containing the username + and password needed to access the + vCenter or ESXi host + type: string + thumbprint: + description: Thumbprint is the certificate + thumbprint of the vCenter or ESXi + host + type: string + url: + description: URL is the URL of the vCenter + or ESXi host with the VM to migrate + type: string + uuid: + description: UUID is the UUID of the + virtual machine that the backing file + is attached to in vCenter/ESXi + type: string + type: object + type: object + sourceRef: + description: SourceRef is an indirect reference + to the source of data for the requested DataVolume + properties: + kind: + description: The kind of the source reference, + currently only "DataSource" is supported + type: string + name: + description: The name of the source reference + type: string + namespace: + description: The namespace of the source + reference, defaults to the DataVolume + namespace + type: string + required: + - kind + - name + type: object + storage: + description: Storage is the requested storage + specification + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. + If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. + There are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. + * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + Resources represents the minimum resources the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: A label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + type: object + status: + description: DataVolumeStatus contains the current + status of the DataVolume + properties: + claimName: + description: ClaimName is the name of the underlying + PVC used by the DataVolume. + type: string + conditions: + items: + description: DataVolumeCondition represents + the state of a data volume condition. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: DataVolumeConditionType is + the string representation of known condition + types + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase is the current phase of the + data volume + type: string + progress: + description: DataVolumeProgress is the current + progress of the DataVolume transfer operation. + Value between 0 and 100 inclusive, N/A if + not available + type: string + restartCount: + description: RestartCount is the number of times + the pod populating the DataVolume has restarted + format: int32 + type: integer + type: object + required: + - spec + type: object + required: + - managedDataSource + - schedule + - template + type: object + required: + - spec + type: object + type: array + namespace: + description: Namespace is the k8s namespace where CommonTemplates + should be installed + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - namespace + type: object + templateValidator: + description: TemplateValidator is configuration of the template validator + operand + properties: + placement: + description: Placement describes the node scheduling configuration + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + default: 2 + description: Replicas is the number of replicas of the template + validator pod + format: int32 + minimum: 0 + type: integer + type: object + tlsSecurityProfile: + description: TLSSecurityProfile is a configuration for the TLS. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + + ciphers: + + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-AES128-GCM-SHA256 + + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + + minTLSVersion: VersionTLS11 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + + minTLSVersion: VersionTLS11 + + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS security profile based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + + and looks like this (yaml): + + + ciphers: + + + - TLS_AES_128_GCM_SHA256 + + + - TLS_AES_256_GCM_SHA384 + + + - TLS_CHACHA20_POLY1305_SHA256 + + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + + - ECDHE-RSA-AES128-GCM-SHA256 + + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + + - ECDHE-RSA-AES256-GCM-SHA384 + + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-CHACHA20-POLY1305 + + + - DHE-RSA-AES128-GCM-SHA256 + + + - DHE-RSA-AES256-GCM-SHA384 + + + minTLSVersion: VersionTLS12 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + + and looks like this (yaml): + + + ciphers: + + + - TLS_AES_128_GCM_SHA256 + + + - TLS_AES_256_GCM_SHA384 + + + - TLS_CHACHA20_POLY1305_SHA256 + + + minTLSVersion: VersionTLS13 + nullable: true + type: object + old: + description: |- + old is a TLS security profile based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + + and looks like this (yaml): + + + ciphers: + + + - TLS_AES_128_GCM_SHA256 + + + - TLS_AES_256_GCM_SHA384 + + + - TLS_CHACHA20_POLY1305_SHA256 + + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + + - ECDHE-RSA-AES128-GCM-SHA256 + + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + + - ECDHE-RSA-AES256-GCM-SHA384 + + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-CHACHA20-POLY1305 + + + - DHE-RSA-AES128-GCM-SHA256 + + + - DHE-RSA-AES256-GCM-SHA384 + + + - DHE-RSA-CHACHA20-POLY1305 + + + - ECDHE-ECDSA-AES128-SHA256 + + + - ECDHE-RSA-AES128-SHA256 + + + - ECDHE-ECDSA-AES128-SHA + + + - ECDHE-RSA-AES128-SHA + + + - ECDHE-ECDSA-AES256-SHA384 + + + - ECDHE-RSA-AES256-SHA384 + + + - ECDHE-ECDSA-AES256-SHA + + + - ECDHE-RSA-AES256-SHA + + + - DHE-RSA-AES128-SHA256 + + + - DHE-RSA-AES256-SHA256 + + + - AES128-GCM-SHA256 + + + - AES256-GCM-SHA384 + + + - AES128-SHA256 + + + - AES256-SHA256 + + + - AES128-SHA + + + - AES256-SHA + + + - DES-CBC3-SHA + + + minTLSVersion: VersionTLS10 + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tokenGenerationService: + description: TokenGenerationService configures the service for generating + tokens to access VNC for a VM. + properties: + enabled: + type: boolean + type: object + required: + - commonTemplates + type: object + status: + description: SSPStatus defines the observed state of SSP + properties: + conditions: + description: A list of current conditions of the resource + items: + description: |- + Condition represents the state of the operator's + reconciliation functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the operator. + format: int64 + type: integer + observedVersion: + description: The observed version of the resource + type: string + operatorVersion: + description: The version of the resource as defined by the operator + type: string + paused: + description: Paused is true when the operator notices paused annotation. + type: boolean + phase: + description: Phase is the current phase of the deployment + type: string + targetVersion: + description: The desired version of the resource + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index db771cb95..aa76002fa 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,4 +1,5 @@ ## Append samples you want in your CSV to this file as resources ## resources: - ssp_v1beta2_ssp.yaml +- ssp_v1beta3_ssp.yaml # +kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/ssp_v1beta3_ssp.yaml b/config/samples/ssp_v1beta3_ssp.yaml new file mode 100644 index 000000000..d937d94cb --- /dev/null +++ b/config/samples/ssp_v1beta3_ssp.yaml @@ -0,0 +1,10 @@ +apiVersion: ssp.kubevirt.io/v1beta3 +kind: SSP +metadata: + name: ssp-sample + namespace: kubevirt +spec: + commonTemplates: + namespace: kubevirt + templateValidator: + replicas: 2 diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 534888a58..0d0e58494 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -12,7 +12,7 @@ webhooks: namespace: system path: /validate-ssp-kubevirt-io-v1beta2-ssp failurePolicy: Fail - name: validation.ssp.kubevirt.io + name: validation.v1beta2.ssp.kubevirt.io rules: - apiGroups: - ssp.kubevirt.io @@ -24,3 +24,23 @@ webhooks: resources: - ssps sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-ssp-kubevirt-io-v1beta3-ssp + failurePolicy: Fail + name: validation.v1beta3.ssp.kubevirt.io + rules: + - apiGroups: + - ssp.kubevirt.io + apiVersions: + - v1beta3 + operations: + - CREATE + - UPDATE + resources: + - ssps + sideEffects: None diff --git a/data/crd/ssp.kubevirt.io_ssps.yaml b/data/crd/ssp.kubevirt.io_ssps.yaml index 8e7abcabd..f8dbf8449 100644 --- a/data/crd/ssp.kubevirt.io_ssps.yaml +++ b/data/crd/ssp.kubevirt.io_ssps.yaml @@ -2290,6 +2290,2217 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1beta3 + schema: + openAPIV3Schema: + description: SSP is the Schema for the ssps API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SSPSpec defines the desired state of SSP + properties: + commonTemplates: + description: CommonTemplates is the configuration of the common templates + operand + properties: + dataImportCronTemplates: + description: DataImportCronTemplates defines a list of DataImportCrons + managed by the SSP Operator. + items: + description: |- + DataImportCronTemplate defines the template type for DataImportCrons. + It requires metadata.name to be specified while leaving namespace as optional. + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: DataImportCronSpec defines specification for + DataImportCron + properties: + garbageCollect: + description: |- + GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported. + Options are currently "Outdated" and "Never", defaults to "Outdated". + type: string + importsToKeep: + description: Number of import PVCs to keep when garbage + collecting. Default is 3. + format: int32 + type: integer + managedDataSource: + description: |- + ManagedDataSource specifies the name of the corresponding DataSource this cron will manage. + DataSource has to be in the same namespace. + type: string + retentionPolicy: + description: RetentionPolicy specifies whether the created + DataVolumes and DataSources are retained when their + DataImportCron is deleted. Default is RatainAll. + type: string + schedule: + description: Schedule specifies in cron format when + and how often to look for new imports + type: string + template: + description: Template specifies template for the DVs + to be created + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: DataVolumeSpec defines the DataVolume + type specification + properties: + checkpoints: + description: Checkpoints is a list of DataVolumeCheckpoints, + representing stages in a multistage import. + items: + description: DataVolumeCheckpoint defines + a stage in a warm migration. + properties: + current: + description: Current is the identifier + of the snapshot created for this checkpoint. + type: string + previous: + description: Previous is the identifier + of the snapshot from the previous checkpoint. + type: string + required: + - current + - previous + type: object + type: array + contentType: + description: 'DataVolumeContentType options: + "kubevirt", "archive"' + enum: + - kubevirt + - archive + type: string + finalCheckpoint: + description: FinalCheckpoint indicates whether + the current DataVolumeCheckpoint is the final + checkpoint. + type: boolean + preallocation: + description: Preallocation controls whether + storage for DataVolumes should be allocated + in advance. + type: boolean + priorityClassName: + description: PriorityClassName for Importer, + Cloner and Uploader pod + type: string + pvc: + description: PVC is the PVC specification + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + source: + description: Source is the src of the data for + the requested DataVolume + properties: + blank: + description: DataVolumeBlankImage provides + the parameters to create a new raw blank + image for the PVC + type: object + gcs: + description: DataVolumeSourceGCS provides + the parameters to create a Data Volume + from an GCS source + properties: + secretRef: + description: SecretRef provides the + secret reference needed to access + the GCS source + type: string + url: + description: URL is the url of the GCS + source + type: string + required: + - url + type: object + http: + description: DataVolumeSourceHTTP can be + either an http or https endpoint, with + an optional basic auth user name and password, + and an optional configmap containing additional + CAs + properties: + certConfigMap: + description: CertConfigMap is a configmap + reference, containing a Certificate + Authority(CA) public key, and a base64 + encoded pem certificate + type: string + extraHeaders: + description: ExtraHeaders is a list + of strings containing extra headers + to include with HTTP transfer requests + items: + type: string + type: array + secretExtraHeaders: + description: SecretExtraHeaders is a + list of Secret references, each containing + an extra HTTP header that may include + sensitive information + items: + type: string + type: array + secretRef: + description: SecretRef A Secret reference, + the secret should contain accessKeyId + (user name) base64 encoded, and secretKey + (password) also base64 encoded + type: string + url: + description: URL is the URL of the http(s) + endpoint + type: string + required: + - url + type: object + imageio: + description: DataVolumeSourceImageIO provides + the parameters to create a Data Volume + from an imageio source + properties: + certConfigMap: + description: CertConfigMap provides + a reference to the CA cert + type: string + diskId: + description: DiskID provides id of a + disk to be imported + type: string + secretRef: + description: SecretRef provides the + secret reference needed to access + the ovirt-engine + type: string + url: + description: URL is the URL of the ovirt-engine + type: string + required: + - diskId + - url + type: object + pvc: + description: DataVolumeSourcePVC provides + the parameters to create a Data Volume + from an existing PVC + properties: + name: + description: The name of the source + PVC + type: string + namespace: + description: The namespace of the source + PVC + type: string + required: + - name + - namespace + type: object + registry: + description: DataVolumeSourceRegistry provides + the parameters to create a Data Volume + from an registry source + properties: + certConfigMap: + description: CertConfigMap provides + a reference to the Registry certs + type: string + imageStream: + description: ImageStream is the name + of image stream for import + type: string + pullMethod: + description: PullMethod can be either + "pod" (default import), or "node" + (node docker cache based import) + type: string + secretRef: + description: SecretRef provides the + secret reference needed to access + the Registry source + type: string + url: + description: 'URL is the url of the + registry source (starting with the + scheme: docker, oci-archive)' + type: string + type: object + s3: + description: DataVolumeSourceS3 provides + the parameters to create a Data Volume + from an S3 source + properties: + certConfigMap: + description: CertConfigMap is a configmap + reference, containing a Certificate + Authority(CA) public key, and a base64 + encoded pem certificate + type: string + secretRef: + description: SecretRef provides the + secret reference needed to access + the S3 source + type: string + url: + description: URL is the url of the S3 + source + type: string + required: + - url + type: object + snapshot: + description: DataVolumeSourceSnapshot provides + the parameters to create a Data Volume + from an existing VolumeSnapshot + properties: + name: + description: The name of the source + VolumeSnapshot + type: string + namespace: + description: The namespace of the source + VolumeSnapshot + type: string + required: + - name + - namespace + type: object + upload: + description: DataVolumeSourceUpload provides + the parameters to create a Data Volume + by uploading the source + type: object + vddk: + description: DataVolumeSourceVDDK provides + the parameters to create a Data Volume + from a Vmware source + properties: + backingFile: + description: BackingFile is the path + to the virtual hard disk to migrate + from vCenter/ESXi + type: string + initImageURL: + description: InitImageURL is an optional + URL to an image containing an extracted + VDDK library, overrides v2v-vmware + config map + type: string + secretRef: + description: SecretRef provides a reference + to a secret containing the username + and password needed to access the + vCenter or ESXi host + type: string + thumbprint: + description: Thumbprint is the certificate + thumbprint of the vCenter or ESXi + host + type: string + url: + description: URL is the URL of the vCenter + or ESXi host with the VM to migrate + type: string + uuid: + description: UUID is the UUID of the + virtual machine that the backing file + is attached to in vCenter/ESXi + type: string + type: object + type: object + sourceRef: + description: SourceRef is an indirect reference + to the source of data for the requested DataVolume + properties: + kind: + description: The kind of the source reference, + currently only "DataSource" is supported + type: string + name: + description: The name of the source reference + type: string + namespace: + description: The namespace of the source + reference, defaults to the DataVolume + namespace + type: string + required: + - kind + - name + type: object + storage: + description: Storage is the requested storage + specification + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. + If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. + There are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. + * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + Resources represents the minimum resources the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: A label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + type: object + status: + description: DataVolumeStatus contains the current + status of the DataVolume + properties: + claimName: + description: ClaimName is the name of the underlying + PVC used by the DataVolume. + type: string + conditions: + items: + description: DataVolumeCondition represents + the state of a data volume condition. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: DataVolumeConditionType is + the string representation of known condition + types + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase is the current phase of the + data volume + type: string + progress: + description: DataVolumeProgress is the current + progress of the DataVolume transfer operation. + Value between 0 and 100 inclusive, N/A if + not available + type: string + restartCount: + description: RestartCount is the number of times + the pod populating the DataVolume has restarted + format: int32 + type: integer + type: object + required: + - spec + type: object + required: + - managedDataSource + - schedule + - template + type: object + required: + - spec + type: object + type: array + namespace: + description: Namespace is the k8s namespace where CommonTemplates + should be installed + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - namespace + type: object + templateValidator: + description: TemplateValidator is configuration of the template validator + operand + properties: + placement: + description: Placement describes the node scheduling configuration + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + default: 2 + description: Replicas is the number of replicas of the template + validator pod + format: int32 + minimum: 0 + type: integer + type: object + tlsSecurityProfile: + description: TLSSecurityProfile is a configuration for the TLS. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + + ciphers: + + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-AES128-GCM-SHA256 + + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + + minTLSVersion: VersionTLS11 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + + minTLSVersion: VersionTLS11 + + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS security profile based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + + and looks like this (yaml): + + + ciphers: + + + - TLS_AES_128_GCM_SHA256 + + + - TLS_AES_256_GCM_SHA384 + + + - TLS_CHACHA20_POLY1305_SHA256 + + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + + - ECDHE-RSA-AES128-GCM-SHA256 + + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + + - ECDHE-RSA-AES256-GCM-SHA384 + + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-CHACHA20-POLY1305 + + + - DHE-RSA-AES128-GCM-SHA256 + + + - DHE-RSA-AES256-GCM-SHA384 + + + minTLSVersion: VersionTLS12 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + + and looks like this (yaml): + + + ciphers: + + + - TLS_AES_128_GCM_SHA256 + + + - TLS_AES_256_GCM_SHA384 + + + - TLS_CHACHA20_POLY1305_SHA256 + + + minTLSVersion: VersionTLS13 + nullable: true + type: object + old: + description: |- + old is a TLS security profile based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + + and looks like this (yaml): + + + ciphers: + + + - TLS_AES_128_GCM_SHA256 + + + - TLS_AES_256_GCM_SHA384 + + + - TLS_CHACHA20_POLY1305_SHA256 + + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + + - ECDHE-RSA-AES128-GCM-SHA256 + + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + + - ECDHE-RSA-AES256-GCM-SHA384 + + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + + - ECDHE-RSA-CHACHA20-POLY1305 + + + - DHE-RSA-AES128-GCM-SHA256 + + + - DHE-RSA-AES256-GCM-SHA384 + + + - DHE-RSA-CHACHA20-POLY1305 + + + - ECDHE-ECDSA-AES128-SHA256 + + + - ECDHE-RSA-AES128-SHA256 + + + - ECDHE-ECDSA-AES128-SHA + + + - ECDHE-RSA-AES128-SHA + + + - ECDHE-ECDSA-AES256-SHA384 + + + - ECDHE-RSA-AES256-SHA384 + + + - ECDHE-ECDSA-AES256-SHA + + + - ECDHE-RSA-AES256-SHA + + + - DHE-RSA-AES128-SHA256 + + + - DHE-RSA-AES256-SHA256 + + + - AES128-GCM-SHA256 + + + - AES256-GCM-SHA384 + + + - AES128-SHA256 + + + - AES256-SHA256 + + + - AES128-SHA + + + - AES256-SHA + + + - DES-CBC3-SHA + + + minTLSVersion: VersionTLS10 + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tokenGenerationService: + description: TokenGenerationService configures the service for generating + tokens to access VNC for a VM. + properties: + enabled: + type: boolean + type: object + required: + - commonTemplates + type: object + status: + description: SSPStatus defines the observed state of SSP + properties: + conditions: + description: A list of current conditions of the resource + items: + description: |- + Condition represents the state of the operator's + reconciliation functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the operator. + format: int64 + type: integer + observedVersion: + description: The observed version of the resource + type: string + operatorVersion: + description: The version of the resource as defined by the operator + type: string + paused: + description: Paused is true when the operator notices paused annotation. + type: boolean + phase: + description: Phase is the current phase of the deployment + type: string + targetVersion: + description: The desired version of the resource + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/data/olm-catalog/ssp-operator.clusterserviceversion.yaml b/data/olm-catalog/ssp-operator.clusterserviceversion.yaml index 00cb3305d..e2d3bcb8a 100644 --- a/data/olm-catalog/ssp-operator.clusterserviceversion.yaml +++ b/data/olm-catalog/ssp-operator.clusterserviceversion.yaml @@ -23,6 +23,22 @@ metadata: "replicas": 2 } } + }, + { + "apiVersion": "ssp.kubevirt.io/v1beta3", + "kind": "SSP", + "metadata": { + "name": "ssp-sample", + "namespace": "kubevirt" + }, + "spec": { + "commonTemplates": { + "namespace": "kubevirt" + }, + "templateValidator": { + "replicas": 2 + } + } } ] capabilities: Basic Install @@ -44,6 +60,9 @@ spec: kind: SSP name: ssps.ssp.kubevirt.io version: v1beta2 + - kind: SSP + name: ssps.ssp.kubevirt.io + version: v1beta3 description: Operator that deploys and controls additional KubeVirt resources displayName: ssp-operator icon: @@ -622,12 +641,11 @@ spec: containerPort: 9443 deploymentName: ssp-operator failurePolicy: Fail - generateName: validation.ssp.kubevirt.io + generateName: validation.v1beta2.ssp.kubevirt.io rules: - apiGroups: - ssp.kubevirt.io apiVersions: - - v1beta1 - v1beta2 operations: - CREATE @@ -638,3 +656,23 @@ spec: targetPort: 9443 type: ValidatingAdmissionWebhook webhookPath: /validate-ssp-kubevirt-io-v1beta2-ssp + - admissionReviewVersions: + - v1 + containerPort: 9443 + deploymentName: ssp-operator + failurePolicy: Fail + generateName: validation.v1beta3.ssp.kubevirt.io + rules: + - apiGroups: + - ssp.kubevirt.io + apiVersions: + - v1beta3 + operations: + - CREATE + - UPDATE + resources: + - ssps + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-ssp-kubevirt-io-v1beta3-ssp diff --git a/hack/csv-generator.go b/hack/csv-generator.go index 7bf549ed4..8166e9223 100644 --- a/hack/csv-generator.go +++ b/hack/csv-generator.go @@ -222,7 +222,9 @@ func replaceVariables(flags generatorFlags, csv *csvv1.ClusterServiceVersion) er } if flags.webhookPort > 0 { - csv.Spec.WebhookDefinitions[0].ContainerPort = flags.webhookPort + for i := range csv.Spec.WebhookDefinitions { + csv.Spec.WebhookDefinitions[i].ContainerPort = flags.webhookPort + } } return nil diff --git a/internal/common/scheme.go b/internal/common/scheme.go index dd1fdac76..59f47ed5c 100644 --- a/internal/common/scheme.go +++ b/internal/common/scheme.go @@ -12,7 +12,9 @@ import ( kubevirtv1 "kubevirt.io/api/core/v1" instancetypev1alpha2 "kubevirt.io/api/instancetype/v1alpha2" instancetypev1beta1 "kubevirt.io/api/instancetype/v1beta1" + sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" + sspv1beta3 "kubevirt.io/ssp-operator/api/v1beta3" ) var ( @@ -25,6 +27,7 @@ func init() { utilruntime.Must(extv1.AddToScheme(Scheme)) utilruntime.Must(internalmeta.AddToScheme(Scheme)) utilruntime.Must(sspv1beta2.AddToScheme(Scheme)) + utilruntime.Must(sspv1beta3.AddToScheme(Scheme)) utilruntime.Must(osconfv1.Install(Scheme)) utilruntime.Must(instancetypev1alpha2.AddToScheme(Scheme)) utilruntime.Must(instancetypev1beta1.AddToScheme(Scheme)) diff --git a/tests/tests_suite_test.go b/tests/tests_suite_test.go index d528f9b0a..210838dfb 100644 --- a/tests/tests_suite_test.go +++ b/tests/tests_suite_test.go @@ -42,6 +42,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/config" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" + sspv1beta3 "kubevirt.io/ssp-operator/api/v1beta3" "kubevirt.io/ssp-operator/internal/common" "kubevirt.io/ssp-operator/tests/env" ) @@ -420,6 +421,7 @@ func expectSuccessOrNotFound(err error) { func setupApiClient() { Expect(sspv1beta2.AddToScheme(testScheme)).ToNot(HaveOccurred()) + Expect(sspv1beta3.AddToScheme(testScheme)).ToNot(HaveOccurred()) Expect(promv1.AddToScheme(testScheme)).ToNot(HaveOccurred()) Expect(templatev1.Install(testScheme)).ToNot(HaveOccurred()) Expect(secv1.Install(testScheme)).ToNot(HaveOccurred()) @@ -469,6 +471,13 @@ func getSsp() *sspv1beta2.SSP { return foundSsp } +func getSspV1Beta3() *sspv1beta3.SSP { + key := client.ObjectKey{Name: strategy.GetName(), Namespace: strategy.GetNamespace()} + foundSsp := &sspv1beta3.SSP{} + Expect(apiClient.Get(ctx, key, foundSsp)).ToNot(HaveOccurred()) + return foundSsp +} + func getTemplateValidatorDeployment() *apps.Deployment { key := client.ObjectKey{Name: "virt-template-validator", Namespace: strategy.GetNamespace()} deployment := &apps.Deployment{} diff --git a/tests/webhook_test.go b/tests/webhook_test.go index a9db5be6a..b14cf9533 100644 --- a/tests/webhook_test.go +++ b/tests/webhook_test.go @@ -5,14 +5,16 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "kubevirt.io/controller-lifecycle-operator-sdk/api" "sigs.k8s.io/controller-runtime/pkg/client" - "kubevirt.io/controller-lifecycle-operator-sdk/api" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" + sspv1beta3 "kubevirt.io/ssp-operator/api/v1beta3" ) // Placement API tests variables @@ -68,7 +70,7 @@ var _ = Describe("Validation webhook", func() { }) Context("creation", func() { - It("[test_id:5242] should fail to create a second SSP CR", func() { + It("[test_id:5242] should fail to create a second v1beta2.SSP CR", func() { foundSsp := getSsp() ssp2 := foundSsp.DeepCopy() ssp2.ObjectMeta = v1.ObjectMeta{ @@ -84,15 +86,34 @@ var _ = Describe("Validation webhook", func() { ))) }) + It("[test_id:TODO] should fail to create a second v1beta3.SSP CR", func() { + foundSsp := getSspV1Beta3() + ssp2 := foundSsp.DeepCopy() + ssp2.ObjectMeta = v1.ObjectMeta{ + Name: "test-ssp2", + Namespace: foundSsp.GetNamespace(), + } + + err := apiClient.Create(ctx, ssp2, client.DryRunAll) + Expect(err).To(MatchError(ContainSubstring( + "creation failed, an SSP CR already exists in namespace %v: %v", + foundSsp.Namespace, + foundSsp.Name, + ))) + }) + Context("removed existing SSP CR", func() { var ( - newSsp *sspv1beta2.SSP + newSspV1Beta2 *sspv1beta2.SSP + newSspV1Beta3 *sspv1beta3.SSP ) BeforeEach(func() { strategy.SkipSspUpdateTestsIfNeeded() foundSsp := getSsp() + newSspV1Beta3 = getSspV1Beta3() + Expect(apiClient.Delete(ctx, foundSsp)).ToNot(HaveOccurred()) waitForDeletion(client.ObjectKey{Name: foundSsp.GetName(), Namespace: foundSsp.GetNamespace()}, &sspv1beta2.SSP{}) @@ -101,7 +122,7 @@ var _ = Describe("Validation webhook", func() { Namespace: foundSsp.GetNamespace(), } - newSsp = foundSsp + newSspV1Beta2 = foundSsp }) AfterEach(func() { @@ -110,39 +131,61 @@ var _ = Describe("Validation webhook", func() { Context("Placement API validation", func() { It("[test_id:5988]should succeed with valid template-validator placement fields", func() { - newSsp.Spec.TemplateValidator = &sspv1beta2.TemplateValidator{ + newSspV1Beta2.Spec.TemplateValidator = &sspv1beta2.TemplateValidator{ Placement: &placementAPIValidationValidPlacement, } - Expect(apiClient.Create(ctx, newSsp, client.DryRunAll)).ToNot(HaveOccurred(), + Expect(apiClient.Create(ctx, newSspV1Beta2, client.DryRunAll)).ToNot(HaveOccurred(), + "failed to create SSP CR with valid template-validator placement fields") + }) + + It("[test_id:TODO] [v1beta3] should succeed with valid template-validator placement fields", func() { + newSspV1Beta3.Spec.TemplateValidator = &sspv1beta3.TemplateValidator{ + Placement: &placementAPIValidationValidPlacement, + } + + Expect(apiClient.Create(ctx, newSspV1Beta3, client.DryRunAll)).ToNot(HaveOccurred(), "failed to create SSP CR with valid template-validator placement fields") }) It("[test_id:5987]should fail with invalid template-validator placement fields", func() { - newSsp.Spec.TemplateValidator = &sspv1beta2.TemplateValidator{ + newSspV1Beta2.Spec.TemplateValidator = &sspv1beta2.TemplateValidator{ + Placement: &placementAPIValidationInvalidPlacement, + } + + Expect(apiClient.Create(ctx, newSspV1Beta2, client.DryRunAll)).To(HaveOccurred(), + "created SSP CR with invalid template-validator placement fields") + }) + + It("[test_id:5987] [v1beat3] should fail with invalid template-validator placement fields", func() { + newSspV1Beta3.Spec.TemplateValidator = &sspv1beta3.TemplateValidator{ Placement: &placementAPIValidationInvalidPlacement, } - Expect(apiClient.Create(ctx, newSsp, client.DryRunAll)).To(HaveOccurred(), + Expect(apiClient.Create(ctx, newSspV1Beta3, client.DryRunAll)).To(HaveOccurred(), "created SSP CR with invalid template-validator placement fields") }) }) It("[test_id:TODO] should fail when DataImportCronTemplate does not have a name", func() { - newSsp.Spec.CommonTemplates.DataImportCronTemplates = []sspv1beta2.DataImportCronTemplate{{ + newSspV1Beta2.Spec.CommonTemplates.DataImportCronTemplates = []sspv1beta2.DataImportCronTemplate{{ ObjectMeta: metav1.ObjectMeta{Name: ""}, }} - err := apiClient.Create(ctx, newSsp, client.DryRunAll) + err := apiClient.Create(ctx, newSspV1Beta2, client.DryRunAll) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) + }) + + It("[test_id:TODO] [v1beta3] should fail when DataImportCronTemplate does not have a name", func() { + newSspV1Beta3.Spec.CommonTemplates.DataImportCronTemplates = []sspv1beta3.DataImportCronTemplate{{ + ObjectMeta: metav1.ObjectMeta{Name: ""}, + }} + err := apiClient.Create(ctx, newSspV1Beta3, client.DryRunAll) Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) }) }) }) Context("update", func() { - var ( - foundSsp *sspv1beta2.SSP - ) - BeforeEach(func() { strategy.SkipSspUpdateTestsIfNeeded() }) @@ -154,7 +197,7 @@ var _ = Describe("Validation webhook", func() { Context("Placement API validation", func() { It("[test_id:5990]should succeed with valid template-validator placement fields", func() { Eventually(func() error { - foundSsp = getSsp() + foundSsp := getSsp() foundSsp.Spec.TemplateValidator = &sspv1beta2.TemplateValidator{ Placement: &placementAPIValidationValidPlacement, } @@ -162,9 +205,19 @@ var _ = Describe("Validation webhook", func() { }, 20*time.Second, time.Second).ShouldNot(HaveOccurred(), "failed to update SSP CR with valid template-validator placement fields") }) + It("[test_id:5990] [v1beta3] should succeed with valid template-validator placement fields", func() { + Eventually(func() error { + foundSsp := getSspV1Beta3() + foundSsp.Spec.TemplateValidator = &sspv1beta3.TemplateValidator{ + Placement: &placementAPIValidationValidPlacement, + } + return apiClient.Update(ctx, foundSsp, client.DryRunAll) + }, 20*time.Second, time.Second).ShouldNot(HaveOccurred(), "failed to update SSP CR with valid template-validator placement fields") + }) + It("[test_id:5989]should fail with invalid template-validator placement fields", func() { Eventually(func() v1.StatusReason { - foundSsp = getSsp() + foundSsp := getSsp() foundSsp.Spec.TemplateValidator = &sspv1beta2.TemplateValidator{ Placement: &placementAPIValidationInvalidPlacement, } @@ -172,16 +225,37 @@ var _ = Describe("Validation webhook", func() { return errors.ReasonForError(err) }, 20*time.Second, time.Second).Should(Equal(metav1.StatusReasonInvalid), "SSP CR updated with invalid template-validator placement fields") }) + + It("[test_id:5989] [v1beta3] should fail with invalid template-validator placement fields", func() { + Eventually(func() v1.StatusReason { + foundSsp := getSspV1Beta3() + foundSsp.Spec.TemplateValidator = &sspv1beta3.TemplateValidator{ + Placement: &placementAPIValidationInvalidPlacement, + } + err := apiClient.Update(ctx, foundSsp, client.DryRunAll) + return errors.ReasonForError(err) + }, 20*time.Second, time.Second).Should(Equal(metav1.StatusReasonInvalid), "SSP CR updated with invalid template-validator placement fields") + }) }) It("[test_id:TODO] should fail when DataImportCronTemplate does not have a name", func() { Eventually(func() error { - foundSsp = getSsp() + foundSsp := getSsp() foundSsp.Spec.CommonTemplates.DataImportCronTemplates = []sspv1beta2.DataImportCronTemplate{{ ObjectMeta: metav1.ObjectMeta{Name: ""}, }} return apiClient.Update(ctx, foundSsp, client.DryRunAll) }, 20*time.Second, time.Second).Should(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) }) + + It("[test_id:TODO] [v1beta3] should fail when DataImportCronTemplate does not have a name", func() { + Eventually(func() error { + foundSsp := getSspV1Beta3() + foundSsp.Spec.CommonTemplates.DataImportCronTemplates = []sspv1beta3.DataImportCronTemplate{{ + ObjectMeta: metav1.ObjectMeta{Name: ""}, + }} + return apiClient.Update(ctx, foundSsp, client.DryRunAll) + }, 20*time.Second, time.Second).Should(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) + }) }) }) diff --git a/vendor/kubevirt.io/ssp-operator/api/v1beta3/groupversion_info.go b/vendor/kubevirt.io/ssp-operator/api/v1beta3/groupversion_info.go new file mode 100644 index 000000000..131ba91cd --- /dev/null +++ b/vendor/kubevirt.io/ssp-operator/api/v1beta3/groupversion_info.go @@ -0,0 +1,36 @@ +/* + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta3 contains API Schema definitions for the ssp v1beta3 API group +// +kubebuilder:object:generate=true +// +groupName=ssp.kubevirt.io +package v1beta3 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "ssp.kubevirt.io", Version: "v1beta3"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/vendor/kubevirt.io/ssp-operator/api/v1beta3/ssp_types.go b/vendor/kubevirt.io/ssp-operator/api/v1beta3/ssp_types.go new file mode 100644 index 000000000..c2af6b9bb --- /dev/null +++ b/vendor/kubevirt.io/ssp-operator/api/v1beta3/ssp_types.go @@ -0,0 +1,121 @@ +/* + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta3 + +import ( + ocpv1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + cdiv1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" + lifecycleapi "kubevirt.io/controller-lifecycle-operator-sdk/api" +) + +const ( + OperatorPausedAnnotation = "kubevirt.io/operator.paused" +) + +type TemplateValidator struct { + // Replicas is the number of replicas of the template validator pod + //+kubebuilder:validation:Minimum=0 + //+kubebuilder:default=2 + Replicas *int32 `json:"replicas,omitempty"` + + // Placement describes the node scheduling configuration + Placement *lifecycleapi.NodePlacement `json:"placement,omitempty"` +} + +type CommonTemplates struct { + // Namespace is the k8s namespace where CommonTemplates should be installed + //+kubebuilder:validation:MaxLength=63 + //+kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + Namespace string `json:"namespace"` + + // DataImportCronTemplates defines a list of DataImportCrons managed by the SSP Operator. + DataImportCronTemplates []DataImportCronTemplate `json:"dataImportCronTemplates,omitempty"` +} + +// SSPSpec defines the desired state of SSP +type SSPSpec struct { + // TemplateValidator is configuration of the template validator operand + TemplateValidator *TemplateValidator `json:"templateValidator,omitempty"` + + // CommonTemplates is the configuration of the common templates operand + CommonTemplates CommonTemplates `json:"commonTemplates"` + + // TLSSecurityProfile is a configuration for the TLS. + TLSSecurityProfile *ocpv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + + // TokenGenerationService configures the service for generating tokens to access VNC for a VM. + TokenGenerationService *TokenGenerationService `json:"tokenGenerationService,omitempty"` +} + +// DataImportCronTemplate defines the template type for DataImportCrons. +// It requires metadata.name to be specified while leaving namespace as optional. +type DataImportCronTemplate struct { + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec cdiv1beta1.DataImportCronSpec `json:"spec"` +} + +// AsDataImportCron converts the DataImportCronTemplate to a cdiv1beta1.DataImportCron +func (t *DataImportCronTemplate) AsDataImportCron() cdiv1beta1.DataImportCron { + return cdiv1beta1.DataImportCron{ + ObjectMeta: t.ObjectMeta, + Spec: t.Spec, + } +} + +// TokenGenerationService configures the service for generating tokens to access VNC for a VM. +type TokenGenerationService struct { + Enabled bool `json:"enabled,omitempty"` +} + +// SSPStatus defines the observed state of SSP +type SSPStatus struct { + lifecycleapi.Status `json:",inline"` + + // Paused is true when the operator notices paused annotation. + Paused bool `json:"paused,omitempty"` + + // ObservedGeneration is the latest generation observed by the operator. + ObservedGeneration int64 `json:"observedGeneration,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase" + +// SSP is the Schema for the ssps API +type SSP struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec SSPSpec `json:"spec,omitempty"` + Status SSPStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// SSPList contains a list of SSP +type SSPList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []SSP `json:"items"` +} + +func init() { + SchemeBuilder.Register(&SSP{}, &SSPList{}) +} diff --git a/vendor/kubevirt.io/ssp-operator/api/v1beta3/zz_generated.deepcopy.go b/vendor/kubevirt.io/ssp-operator/api/v1beta3/zz_generated.deepcopy.go new file mode 100644 index 000000000..b572d7c1f --- /dev/null +++ b/vendor/kubevirt.io/ssp-operator/api/v1beta3/zz_generated.deepcopy.go @@ -0,0 +1,210 @@ +//go:build !ignore_autogenerated + +/* + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta3 + +import ( + "github.com/openshift/api/config/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonTemplates) DeepCopyInto(out *CommonTemplates) { + *out = *in + if in.DataImportCronTemplates != nil { + in, out := &in.DataImportCronTemplates, &out.DataImportCronTemplates + *out = make([]DataImportCronTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonTemplates. +func (in *CommonTemplates) DeepCopy() *CommonTemplates { + if in == nil { + return nil + } + out := new(CommonTemplates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataImportCronTemplate) DeepCopyInto(out *DataImportCronTemplate) { + *out = *in + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataImportCronTemplate. +func (in *DataImportCronTemplate) DeepCopy() *DataImportCronTemplate { + if in == nil { + return nil + } + out := new(DataImportCronTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSP) DeepCopyInto(out *SSP) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSP. +func (in *SSP) DeepCopy() *SSP { + if in == nil { + return nil + } + out := new(SSP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SSP) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSPList) DeepCopyInto(out *SSPList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SSP, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPList. +func (in *SSPList) DeepCopy() *SSPList { + if in == nil { + return nil + } + out := new(SSPList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SSPList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSPSpec) DeepCopyInto(out *SSPSpec) { + *out = *in + if in.TemplateValidator != nil { + in, out := &in.TemplateValidator, &out.TemplateValidator + *out = new(TemplateValidator) + (*in).DeepCopyInto(*out) + } + in.CommonTemplates.DeepCopyInto(&out.CommonTemplates) + if in.TLSSecurityProfile != nil { + in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile + *out = new(v1.TLSSecurityProfile) + (*in).DeepCopyInto(*out) + } + if in.TokenGenerationService != nil { + in, out := &in.TokenGenerationService, &out.TokenGenerationService + *out = new(TokenGenerationService) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPSpec. +func (in *SSPSpec) DeepCopy() *SSPSpec { + if in == nil { + return nil + } + out := new(SSPSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SSPStatus) DeepCopyInto(out *SSPStatus) { + *out = *in + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSPStatus. +func (in *SSPStatus) DeepCopy() *SSPStatus { + if in == nil { + return nil + } + out := new(SSPStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateValidator) DeepCopyInto(out *TemplateValidator) { + *out = *in + if in.Replicas != nil { + in, out := &in.Replicas, &out.Replicas + *out = new(int32) + **out = **in + } + if in.Placement != nil { + in, out := &in.Placement, &out.Placement + *out = (*in).DeepCopy() + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateValidator. +func (in *TemplateValidator) DeepCopy() *TemplateValidator { + if in == nil { + return nil + } + out := new(TemplateValidator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenGenerationService) DeepCopyInto(out *TokenGenerationService) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenGenerationService. +func (in *TokenGenerationService) DeepCopy() *TokenGenerationService { + if in == nil { + return nil + } + out := new(TokenGenerationService) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 957be9162..5c610f8cf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -886,6 +886,7 @@ kubevirt.io/qe-tools/pkg/polarion-xml # kubevirt.io/ssp-operator/api v0.0.0 => ./api ## explicit; go 1.22.4 kubevirt.io/ssp-operator/api/v1beta2 +kubevirt.io/ssp-operator/api/v1beta3 # sigs.k8s.io/controller-runtime v0.18.5 ## explicit; go 1.22.0 sigs.k8s.io/controller-runtime diff --git a/webhooks/convert/convert.go b/webhooks/convert/convert.go new file mode 100644 index 000000000..393e7ea77 --- /dev/null +++ b/webhooks/convert/convert.go @@ -0,0 +1,70 @@ +package convert + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" + sspv1beta3 "kubevirt.io/ssp-operator/api/v1beta3" +) + +func ConvertSSP(src *sspv1beta3.SSP) *sspv1beta2.SSP { + return &sspv1beta2.SSP{ + TypeMeta: metav1.TypeMeta{ + Kind: src.Kind, + APIVersion: sspv1beta2.GroupVersion.String(), + }, + ObjectMeta: src.ObjectMeta, + Spec: sspv1beta2.SSPSpec{ + TemplateValidator: convertTemplateValidator(src.Spec.TemplateValidator), + CommonTemplates: sspv1beta2.CommonTemplates{ + Namespace: src.Spec.CommonTemplates.Namespace, + DataImportCronTemplates: convertDataImportCronTemplates(src.Spec.CommonTemplates.DataImportCronTemplates), + }, + TLSSecurityProfile: src.Spec.TLSSecurityProfile, + TokenGenerationService: convertTokenGenerationService(src.Spec.TokenGenerationService), + }, + Status: sspv1beta2.SSPStatus{ + Status: src.Status.Status, + Paused: src.Status.Paused, + ObservedGeneration: src.Status.ObservedGeneration, + }, + } +} + +func convertTemplateValidator(src *sspv1beta3.TemplateValidator) *sspv1beta2.TemplateValidator { + if src == nil { + return nil + } + + return &sspv1beta2.TemplateValidator{ + Replicas: src.Replicas, + Placement: src.Placement, + } +} + +func convertDataImportCronTemplates(src []sspv1beta3.DataImportCronTemplate) []sspv1beta2.DataImportCronTemplate { + if len(src) == 0 { + return nil + } + + result := make([]sspv1beta2.DataImportCronTemplate, 0, len(src)) + for i := range src { + oldTemplate := &src[i] + result = append(result, sspv1beta2.DataImportCronTemplate{ + ObjectMeta: oldTemplate.ObjectMeta, + Spec: oldTemplate.Spec, + }) + } + + return result +} + +func convertTokenGenerationService(src *sspv1beta3.TokenGenerationService) *sspv1beta2.TokenGenerationService { + if src == nil { + return nil + } + + return &sspv1beta2.TokenGenerationService{ + Enabled: src.Enabled, + } +} diff --git a/webhooks/ssp_webhook.go b/webhooks/ssp_webhook.go index fbeecb3fa..46ff71463 100644 --- a/webhooks/ssp_webhook.go +++ b/webhooks/ssp_webhook.go @@ -26,23 +26,39 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/utils/ptr" "kubevirt.io/controller-lifecycle-operator-sdk/api" + "kubevirt.io/ssp-operator/webhooks/convert" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" + sspv1beta3 "kubevirt.io/ssp-operator/api/v1beta3" ) -// +kubebuilder:webhook:verbs=create;update,path=/validate-ssp-kubevirt-io-v1beta2-ssp,mutating=false,failurePolicy=fail,groups=ssp.kubevirt.io,resources=ssps,versions=v1beta2,name=validation.ssp.kubevirt.io,admissionReviewVersions=v1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/validate-ssp-kubevirt-io-v1beta2-ssp,mutating=false,failurePolicy=fail,groups=ssp.kubevirt.io,resources=ssps,versions=v1beta2,name=validation.v1beta2.ssp.kubevirt.io,admissionReviewVersions=v1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/validate-ssp-kubevirt-io-v1beta3-ssp,mutating=false,failurePolicy=fail,groups=ssp.kubevirt.io,resources=ssps,versions=v1beta3,name=validation.v1beta3.ssp.kubevirt.io,admissionReviewVersions=v1,sideEffects=None var ssplog = logf.Log.WithName("ssp-resource") func Setup(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). + err := ctrl.NewWebhookManagedBy(mgr). For(&sspv1beta2.SSP{}). WithValidator(newSspValidator(mgr.GetClient())). Complete() + if err != nil { + return fmt.Errorf("failed to create webhook for v1beta2.SSP") + } + + err = ctrl.NewWebhookManagedBy(mgr). + For(&sspv1beta3.SSP{}). + WithValidator(newSspValidator(mgr.GetClient())). + Complete() + if err != nil { + return fmt.Errorf("failed to create webhook for v1beta3.SSP") + } + + return nil } type sspValidator struct { @@ -52,16 +68,16 @@ type sspValidator struct { var _ admission.CustomValidator = &sspValidator{} func (s *sspValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - sspObj, ok := obj.(*sspv1beta2.SSP) - if !ok { - return nil, fmt.Errorf("expected v1beta2.SSP object, got %T", obj) + sspObj, err := getSsp(obj) + if err != nil { + return nil, err } var ssps sspv1beta2.SSPList // Check if no other SSP resources are present in the cluster ssplog.Info("validate create", "name", sspObj.Name) - err := s.apiClient.List(ctx, &ssps, &client.ListOptions{}) + err = s.apiClient.List(ctx, &ssps, &client.ListOptions{}) if err != nil { return nil, fmt.Errorf("could not list SSPs for validation, please try again: %v", err) } @@ -73,9 +89,9 @@ func (s *sspValidator) ValidateCreate(ctx context.Context, obj runtime.Object) ( } func (s *sspValidator) ValidateUpdate(ctx context.Context, _, newObj runtime.Object) (admission.Warnings, error) { - newSsp, ok := newObj.(*sspv1beta2.SSP) - if !ok { - return nil, fmt.Errorf("expected v1beta2.SSP object, got %T", newObj) + newSsp, err := getSsp(newObj) + if err != nil { + return nil, err } ssplog.Info("validate update", "name", newSsp.Name) @@ -170,3 +186,14 @@ func validateDataImportCronTemplates(ssp *sspv1beta2.SSP) error { func newSspValidator(clt client.Client) *sspValidator { return &sspValidator{apiClient: clt} } + +func getSsp(obj runtime.Object) (*sspv1beta2.SSP, error) { + switch sspObj := obj.(type) { + case *sspv1beta2.SSP: + return sspObj, nil + case *sspv1beta3.SSP: + return convert.ConvertSSP(sspObj), nil + default: + return nil, fmt.Errorf("unexpected type: %T", obj) + } +} diff --git a/webhooks/ssp_webhook_test.go b/webhooks/ssp_webhook_test.go index 5481b90b0..990a6f762 100644 --- a/webhooks/ssp_webhook_test.go +++ b/webhooks/ssp_webhook_test.go @@ -34,6 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" sspv1beta2 "kubevirt.io/ssp-operator/api/v1beta2" + sspv1beta3 "kubevirt.io/ssp-operator/api/v1beta3" "kubevirt.io/ssp-operator/internal" "kubevirt.io/ssp-operator/internal/common" ) @@ -77,7 +78,7 @@ var _ = Describe("SSP Validation", func() { Expect(err).ToNot(HaveOccurred()) }) - It("should reject SSP when one is already present", func() { + It("should reject v1beta2.SSP when one is already present", func() { ssp := &sspv1beta2.SSP{ ObjectMeta: metav1.ObjectMeta{ Name: "test-ssp2", @@ -89,144 +90,300 @@ var _ = Describe("SSP Validation", func() { _, err := validator.ValidateCreate(ctx, ssp) Expect(err).To(MatchError(ContainSubstring("creation failed, an SSP CR already exists in namespace test-ns: test-ssp"))) }) - }) - - Context("DataImportCronTemplates", func() { - var ( - oldSSP *sspv1beta2.SSP - newSSP *sspv1beta2.SSP - ) - BeforeEach(func() { - oldSSP = &sspv1beta2.SSP{ + It("should reject v1beta3.SSP when v1beta2.SSP is already present", func() { + ssp := &sspv1beta3.SSP{ ObjectMeta: metav1.ObjectMeta{ - Name: "test-ssp", - Namespace: "test-ns", + Name: "test-ssp2", + Namespace: "test-ns2", }, - Spec: sspv1beta2.SSPSpec{ - CommonTemplates: sspv1beta2.CommonTemplates{ - Namespace: "test-templates-ns", - DataImportCronTemplates: []sspv1beta2.DataImportCronTemplate{ - { - ObjectMeta: metav1.ObjectMeta{ - Namespace: internal.GoldenImagesNamespace, + Spec: sspv1beta3.SSPSpec{}, + } + + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).To(MatchError(ContainSubstring("creation failed, an SSP CR already exists in namespace test-ns: test-ssp"))) + }) + }) + + Context("v1beta2", func() { + Context("DataImportCronTemplates", func() { + var ( + oldSSP *sspv1beta2.SSP + newSSP *sspv1beta2.SSP + ) + + BeforeEach(func() { + oldSSP = &sspv1beta2.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", + }, + Spec: sspv1beta2.SSPSpec{ + CommonTemplates: sspv1beta2.CommonTemplates{ + Namespace: "test-templates-ns", + DataImportCronTemplates: []sspv1beta2.DataImportCronTemplate{ + { + ObjectMeta: metav1.ObjectMeta{ + Namespace: internal.GoldenImagesNamespace, + }, }, }, }, }, - }, - } + } - newSSP = oldSSP.DeepCopy() - }) + newSSP = oldSSP.DeepCopy() + }) - It("should validate dataImportCronTemplates on create", func() { - _, err := validator.ValidateCreate(ctx, newSSP) - Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) + It("should validate dataImportCronTemplates on create", func() { + _, err := validator.ValidateCreate(ctx, newSSP) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) - newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" + newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" - _, err = validator.ValidateCreate(ctx, newSSP) - Expect(err).ToNot(HaveOccurred()) - }) + _, err = validator.ValidateCreate(ctx, newSSP) + Expect(err).ToNot(HaveOccurred()) + }) - It("should validate dataImportCronTemplates on update", func() { - _, err := validator.ValidateUpdate(ctx, oldSSP, newSSP) - Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) + It("should validate dataImportCronTemplates on update", func() { + _, err := validator.ValidateUpdate(ctx, oldSSP, newSSP) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) - newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" + newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" - _, err = validator.ValidateUpdate(ctx, oldSSP, newSSP) - Expect(err).ToNot(HaveOccurred()) + _, err = validator.ValidateUpdate(ctx, oldSSP, newSSP) + Expect(err).ToNot(HaveOccurred()) + }) }) - }) - Context("validate placement", func() { - It("should not call create API, if placement is nil", func() { - createIntercept = func(_ context.Context, _ client.WithWatch, _ client.Object, _ ...client.CreateOption) error { - Fail("Called create API") - return nil - } + Context("validate placement", func() { + It("should not call create API, if placement is nil", func() { + createIntercept = func(_ context.Context, _ client.WithWatch, _ client.Object, _ ...client.CreateOption) error { + Fail("Called create API") + return nil + } - ssp := &sspv1beta2.SSP{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-ssp", - Namespace: "test-ns", - }, - Spec: sspv1beta2.SSPSpec{ - TemplateValidator: &sspv1beta2.TemplateValidator{ - Replicas: ptr.To(int32(2)), - Placement: nil, + ssp := &sspv1beta2.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", }, - }, - } + Spec: sspv1beta2.SSPSpec{ + TemplateValidator: &sspv1beta2.TemplateValidator{ + Replicas: ptr.To(int32(2)), + Placement: nil, + }, + }, + } - _, err := validator.ValidateCreate(ctx, ssp) - Expect(err).ToNot(HaveOccurred()) + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).ToNot(HaveOccurred()) + }) + + It("should call create API dry run", func() { + placement := &api.NodePlacement{ + NodeSelector: map[string]string{ + "test-label": "test-value", + }, + Affinity: &v1.Affinity{ + PodAffinity: &v1.PodAffinity{ + RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{{ + LabelSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "foo": "bar", + }, + }, + }}, + }, + }, + Tolerations: []v1.Toleration{{ + Key: "key", + Value: "value", + }}, + } + + var createWasCalled bool + createIntercept = func(ctx context.Context, cli client.WithWatch, obj client.Object, opts ...client.CreateOption) error { + deployment, ok := obj.(*apps.Deployment) + if !ok { + Fail("Expected created object to be Deployment.") + } + + createOptions := &client.CreateOptions{} + for _, opt := range opts { + opt.ApplyToCreate(createOptions) + } + + if len(createOptions.DryRun) != 1 || createOptions.DryRun[0] != metav1.DryRunAll { + Fail("Create call should be dry run.") + } + + Expect(deployment.Spec.Template.Spec.NodeSelector).To(Equal(placement.NodeSelector)) + Expect(deployment.Spec.Template.Spec.Affinity).To(Equal(placement.Affinity)) + Expect(deployment.Spec.Template.Spec.Tolerations).To(Equal(placement.Tolerations)) + createWasCalled = true + return nil + } + + ssp := &sspv1beta2.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", + }, + Spec: sspv1beta2.SSPSpec{ + TemplateValidator: &sspv1beta2.TemplateValidator{ + Replicas: ptr.To(int32(2)), + Placement: placement, + }, + }, + } + + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).ToNot(HaveOccurred()) + + Expect(createWasCalled).To(BeTrue()) + }) }) + }) - It("should call create API dry run", func() { - placement := &api.NodePlacement{ - NodeSelector: map[string]string{ - "test-label": "test-value", - }, - Affinity: &v1.Affinity{ - PodAffinity: &v1.PodAffinity{ - RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{{ - LabelSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "foo": "bar", + Context("v1beta3", func() { + Context("DataImportCronTemplates", func() { + var ( + oldSSP *sspv1beta3.SSP + newSSP *sspv1beta3.SSP + ) + + BeforeEach(func() { + oldSSP = &sspv1beta3.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", + }, + Spec: sspv1beta3.SSPSpec{ + CommonTemplates: sspv1beta3.CommonTemplates{ + Namespace: "test-templates-ns", + DataImportCronTemplates: []sspv1beta3.DataImportCronTemplate{ + { + ObjectMeta: metav1.ObjectMeta{ + Namespace: internal.GoldenImagesNamespace, + }, }, }, - }}, + }, }, - }, - Tolerations: []v1.Toleration{{ - Key: "key", - Value: "value", - }}, - } + } + + newSSP = oldSSP.DeepCopy() + }) + + It("should validate dataImportCronTemplates on create", func() { + _, err := validator.ValidateCreate(ctx, newSSP) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) + + newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" + + _, err = validator.ValidateCreate(ctx, newSSP) + Expect(err).ToNot(HaveOccurred()) + }) + + It("should validate dataImportCronTemplates on update", func() { + _, err := validator.ValidateUpdate(ctx, oldSSP, newSSP) + Expect(err).To(MatchError(ContainSubstring("missing name in DataImportCronTemplate"))) + + newSSP.Spec.CommonTemplates.DataImportCronTemplates[0].Name = "test-name" + + _, err = validator.ValidateUpdate(ctx, oldSSP, newSSP) + Expect(err).ToNot(HaveOccurred()) + }) + }) - var createWasCalled bool - createIntercept = func(ctx context.Context, cli client.WithWatch, obj client.Object, opts ...client.CreateOption) error { - deployment, ok := obj.(*apps.Deployment) - if !ok { - Fail("Expected created object to be Deployment.") + Context("validate placement", func() { + It("should not call create API, if placement is nil", func() { + createIntercept = func(_ context.Context, _ client.WithWatch, _ client.Object, _ ...client.CreateOption) error { + Fail("Called create API") + return nil } - createOptions := &client.CreateOptions{} - for _, opt := range opts { - opt.ApplyToCreate(createOptions) + ssp := &sspv1beta3.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", + }, + Spec: sspv1beta3.SSPSpec{ + TemplateValidator: &sspv1beta3.TemplateValidator{ + Replicas: ptr.To(int32(2)), + Placement: nil, + }, + }, } - if len(createOptions.DryRun) != 1 || createOptions.DryRun[0] != metav1.DryRunAll { - Fail("Create call should be dry run.") + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).ToNot(HaveOccurred()) + }) + + It("should call create API dry run", func() { + placement := &api.NodePlacement{ + NodeSelector: map[string]string{ + "test-label": "test-value", + }, + Affinity: &v1.Affinity{ + PodAffinity: &v1.PodAffinity{ + RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{{ + LabelSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "foo": "bar", + }, + }, + }}, + }, + }, + Tolerations: []v1.Toleration{{ + Key: "key", + Value: "value", + }}, } - Expect(deployment.Spec.Template.Spec.NodeSelector).To(Equal(placement.NodeSelector)) - Expect(deployment.Spec.Template.Spec.Affinity).To(Equal(placement.Affinity)) - Expect(deployment.Spec.Template.Spec.Tolerations).To(Equal(placement.Tolerations)) - createWasCalled = true - return nil - } + var createWasCalled bool + createIntercept = func(ctx context.Context, cli client.WithWatch, obj client.Object, opts ...client.CreateOption) error { + deployment, ok := obj.(*apps.Deployment) + if !ok { + Fail("Expected created object to be Deployment.") + } + + createOptions := &client.CreateOptions{} + for _, opt := range opts { + opt.ApplyToCreate(createOptions) + } + + if len(createOptions.DryRun) != 1 || createOptions.DryRun[0] != metav1.DryRunAll { + Fail("Create call should be dry run.") + } + + Expect(deployment.Spec.Template.Spec.NodeSelector).To(Equal(placement.NodeSelector)) + Expect(deployment.Spec.Template.Spec.Affinity).To(Equal(placement.Affinity)) + Expect(deployment.Spec.Template.Spec.Tolerations).To(Equal(placement.Tolerations)) + createWasCalled = true + return nil + } - ssp := &sspv1beta2.SSP{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-ssp", - Namespace: "test-ns", - }, - Spec: sspv1beta2.SSPSpec{ - TemplateValidator: &sspv1beta2.TemplateValidator{ - Replicas: ptr.To(int32(2)), - Placement: placement, + ssp := &sspv1beta3.SSP{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-ssp", + Namespace: "test-ns", }, - }, - } + Spec: sspv1beta3.SSPSpec{ + TemplateValidator: &sspv1beta3.TemplateValidator{ + Replicas: ptr.To(int32(2)), + Placement: placement, + }, + }, + } - _, err := validator.ValidateCreate(ctx, ssp) - Expect(err).ToNot(HaveOccurred()) + _, err := validator.ValidateCreate(ctx, ssp) + Expect(err).ToNot(HaveOccurred()) - Expect(createWasCalled).To(BeTrue()) + Expect(createWasCalled).To(BeTrue()) + }) }) }) }) From e7a994942fdacc9e2eda844e3abf580021b0fa78 Mon Sep 17 00:00:00 2001 From: Andrej Krejcir Date: Wed, 13 Nov 2024 11:22:48 +0100 Subject: [PATCH 4/4] docs: Update configuration.md with new API version Updated docs/configuration.md to use new API version, and removed section about feature gates. Signed-off-by: Andrej Krejcir --- docs/configuration.md | 48 ++++++++++++++++--------------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index b6e6a35f7..e48d15184 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1,7 +1,7 @@ # Configuration Operator configuration can be modified by editing the SSP Custom Resource (CR). -See [SSP Specification](https://github.com/kubevirt/ssp-operator/blob/main/api/v1beta2/ssp_types.go#L74) +See [SSP Specification](https://github.com/kubevirt/ssp-operator/blob/main/api/v1beta3/ssp_types.go#L51) that defines the desired state of SSP. ## Table Of Contents @@ -10,13 +10,13 @@ that defines the desired state of SSP. - [Annotations](#annotations) - [Common Templates](#common-templates) - [Template Validator](#template-validator) -- [Feature Gates](#feature-gates) +- [VNC Token Generation Service](#vnc-token-generation-service) ## SSP Custom Resource (CR) To activate the operator, create the SSP Custom Resource (CR): -``` -apiVersion: ssp.kubevirt.io/v1beta2 +```yaml +apiVersion: ssp.kubevirt.io/v1beta3 kind: SSP metadata: name: ssp-sample @@ -26,8 +26,6 @@ spec: namespace: kubevirt templateValidator: replicas: 2 - featureGates: - deployVmConsoleProxy: true ``` ## Annotations @@ -36,8 +34,8 @@ spec: This annotation will pause operator reconciliation. -``` -apiVersion: ssp.kubevirt.io/v1beta2 +```yaml +apiVersion: ssp.kubevirt.io/v1beta3 kind: SSP metadata: annotations: @@ -55,8 +53,8 @@ the operator will still cleanup all the dependent resources. A set of common templates to create KubeVirt Virtual Machines (VMs). -``` -apiVersion: ssp.kubevirt.io/v1beta2 +```yaml +apiVersion: ssp.kubevirt.io/v1beta3 kind: SSP metadata: name: ssp-sample @@ -70,8 +68,8 @@ spec: Template Validator is designed to inspect virtual machines (VMs) and detect any violations of the rules defined in VM's annotations. -``` -apiVersion: ssp.kubevirt.io/v1beta2 +```yaml +apiVersion: ssp.kubevirt.io/v1beta3 kind: SSP metadata: name: ssp-sample @@ -81,29 +79,19 @@ spec: replicas: 2 # Customize the number of replicas for the validator deployment ``` -## Feature Gates - -The `featureGates` field is an optional set of optional boolean feature enabler. -The features in the list are experimental features that are not enabled by default. +## VNC Token Generation Service -To enable a feature, add its name to the `featureGates` list and set it to true. -Missing or false feature gates disables the feature. +The [VM Console Proxy](https://github.com/kubevirt/vm-console-proxy) +can be deployed by SSP operator when it is enabled in the `.spec`. +It is a service that exposes an API for generating VNC access tokens for VMs. -### `deployVmConsoleProxy` - -Set the `deployVmConsoleProxy` feature gate to true to allow the operator -to deploy VM console proxy resources. - -Resources will be deployed that provide access to the VNC console of a KubeVirt VM, -enabling users to access VMs without requiring access to the cluster's API. - -``` -apiVersion: ssp.kubevirt.io/v1beta2 +```yaml +apiVersion: ssp.kubevirt.io/v1beta3 kind: SSP metadata: name: ssp-sample namespace: kubevirt spec: - featureGates: - deployVmConsoleProxy: true + tokenGenerationService: + enabled: true ```