---
|
||
apiVersion: apiextensions.k8s.io/v1
|
||
kind: CustomResourceDefinition
|
||
metadata:
|
||
annotations:
|
||
controller-gen.kubebuilder.io/version: v0.9.2
|
||
creationTimestamp: null
|
||
name: controlcenters.platform.confluent.io
|
||
spec:
|
||
group: platform.confluent.io
|
||
names:
|
||
categories:
|
||
- all
|
||
- confluent-platform
|
||
- confluent
|
||
kind: ControlCenter
|
||
listKind: ControlCenterList
|
||
plural: controlcenters
|
||
shortNames:
|
||
- controlcenter
|
||
- c3
|
||
singular: controlcenter
|
||
scope: Namespaced
|
||
versions:
|
||
- additionalPrinterColumns:
|
||
- jsonPath: .status.replicas
|
||
name: Replicas
|
||
type: string
|
||
- jsonPath: .status.readyReplicas
|
||
name: Ready
|
||
type: string
|
||
- jsonPath: .status.phase
|
||
name: Status
|
||
type: string
|
||
- jsonPath: .metadata.creationTimestamp
|
||
name: Age
|
||
type: date
|
||
- jsonPath: .status.kafka.bootstrapEndpoint
|
||
name: Kafka
|
||
priority: 1
|
||
type: string
|
||
name: v1beta1
|
||
schema:
|
||
openAPIV3Schema:
|
||
description: ControlCenter is the schema for the Control Center API.
|
||
properties:
|
||
apiVersion:
|
||
description: 'APIVersion defines the versioned schema of this representation
|
||
of an object. Servers should convert recognized schemas to the latest
|
||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
type: string
|
||
kind:
|
||
description: 'Kind is a string value representing the REST resource this
|
||
object represents. Servers may infer this from the endpoint the client
|
||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
type: string
|
||
metadata:
|
||
type: object
|
||
spec:
|
||
description: spec defines the desired state of the Control Center cluster.
|
||
properties:
|
||
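# spec.authentication: how Control Center itself authenticates users
# (`basic`, `ldap` or `mtls`, per the `type` enum at the end of this block).
# Nesting is restored here relative to this key; the extracted page had
# flattened every line to column 0.
# NOTE(review): only `type` is required. Nothing in this schema requires the
# matching `basic`/`ldap` object for the selected type, so that check
# presumably happens in the operator - confirm.
authentication:
  description: authentication specifies the authentication configurations.
  properties:
    basic:
      description: basic specifies the configuration for basic authentication.
      properties:
        # NOTE(review): what the JaaS debug logs contain is not visible from
        # this schema; confirm they cannot include credentials before enabling
        # this outside of troubleshooting.
        debug:
          description: debug enables the basic authentication debug
            logs for JaaS configuration.
          type: boolean
        # Credentials come either from a mounted directory or from a named
        # Secret (`secretRef`); both are optional and the schema does not make
        # them mutually exclusive.
        directoryPathInContainer:
          description: 'directoryPathInContainer allows to pass the
            basic credential through a directory path in the container.
            More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
          minLength: 1
          type: string
        restrictedRoles:
          description: restrictedRoles specify the restricted roles
            on the server side only. Changes will be only reflected
            in Control Center. This configuration is ignored on the
            client side configuration.
          items:
            type: string
          minItems: 1
          type: array
        # NOTE(review): unlike `ldap.roles`, there is no `minItems` here, so
        # an empty list passes validation.
        roles:
          description: roles specify the roles on the server side only.
            This configuration is ignored on the client side configuration.
          items:
            type: string
          type: array
        # Secret name: lowercase alphanumerics and '-', 1 to 30 characters.
        secretRef:
          description: 'secretRef defines secret reference to pass the
            required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      type: object
    ldap:
      description: ldap specifies the configuration for Control Center
        LDAP authentication.
      properties:
        # NOTE(review): same caveat as `basic.debug` - confirm the debug logs
        # cannot include credentials.
        debug:
          description: debug enables basic authentication debug logs
            for JaaS configuration.
          type: boolean
        # NOTE(review): values in this map are part of the custom resource and
        # readable by anyone who can read the resource. As the description
        # says, the bind username/password belong in `secretRef`, not here.
        property:
          additionalProperties:
            type: string
          description: property is a map of string key and value pairs
            that specifies the LDAP configuration. Use a secret object
            to pass username/password.
          type: object
          x-kubernetes-map-type: granular
        restrictedRoles:
          description: restrictedRoles specify the restricted access
            roles.
          items:
            type: string
          minItems: 1
          type: array
        roles:
          description: roles specify the roles on the server side only.
          items:
            type: string
          minItems: 1
          type: array
        # Secret name: lowercase alphanumerics and '-', 1 to 30 characters.
        secretRef:
          description: 'secretRef references the secret to pass required
            credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#ldap-authentication-for-c3'
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      type: object
    type:
      description: type specifies the authentication type of the Control
        Center. Valid options are `basic`, `ldap`, and `mtls`.
      enum:
      - basic
      - ldap
      - mtls
      type: string
  required:
  - type
  type: object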
|
||
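# spec.authorization: client-side authorization settings; `rbac` is the only
# value the `type` enum accepts. Nesting is restored relative to this key.
authorization:
  description: authorization specifies the authorization configurations.
  properties:
    # NOTE(review): `namespace` allows the reference to name a KafkaRestClass
    # in another namespace. Whether the operator restricts cross-namespace
    # references is not visible from this schema - confirm.
    kafkaRestClassRef:
      description: kafkaRestClassRef references the KafkaRestClass which
        specifies the Kafka REST API connection configuration.
      properties:
        name:
          description: name specifies the name of the KafkaRestClass
            application resource.
          minLength: 1
          type: string
        namespace:
          description: namespace specifies the namespace of the KafkaRestClass.
          type: string
      required:
      - name
      type: object
    type:
      description: type specifies the client-side authorization type.
        The valid option is `rbac`.
      enum:
      - rbac
      type: string
  required:
  - type
  type: object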
|
||
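# spec.configOverrides: free-form overrides for the server, JVM and Log4j
# settings. Nesting is restored relative to this key.
# NOTE(review): every entry is an unconstrained string (no pattern or enum) and
# the descriptions say entries add to or update the existing configuration.
# Anyone with write access to this resource can therefore change those
# settings. Whether an override can replace values the operator derives from
# the authentication/TLS fields is not visible here - confirm, and keep write
# access to the resource restricted.
configOverrides:
  description: configOverrides specifies the configs to override the
    server, JVM, Log4j properties for the Control Center.
  properties:
    jvm:
      description: jvm is a list of JVM configuration supported by the
        Confluent Platform component. This will either add or update
        the existing configuration.
      items:
        type: string
      type: array
    log4j:
      description: log4j is a list of Log4J configuration supported
        by the Confluent Platform component. This will either add or
        update the existing configuration.
      items:
        type: string
      type: array
    server:
      description: server is a list of server configuration supported
        by the Confluent Platform component. This will either add or
        update existing configuration.
      items:
        type: string
      type: array
  type: object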
|
||
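# spec.dataVolumeCapacity: size of the persistent data volume, given as an
# integer or as a quantity string (x-kubernetes-int-or-string). Nesting is
# restored relative to this key.
# The pattern accepts an optional sign, a decimal number and an optional
# suffix: binary (Ki..Ei), decimal (n, u, m, k, M, G, T, P, E) or an exponent.
# NOTE(review): the optional leading '-' means a negative value passes schema
# validation; rejecting it is left to whatever consumes the field.
dataVolumeCapacity:
  anyOf:
  - type: integer
  - type: string
  description: dataVolumeCapacity specifies the data size for the persistent
    volume.
  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
  x-kubernetes-int-or-string: true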
|
||
dependencies:
|
||
description: dependencies specify the dependencies configurations.
|
||
properties:
|
||
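# spec.dependencies.connect: list of Connect clusters Control Center connects
# to; each item requires `name` and `url`. Nesting is restored relative to
# this key.
connect:
  description: connect defines the Connect worker dependency configurations.
  items:
    description: ControlCenterConnectDependency defines the Connect
      dependency settings.
    properties:
      # Only `type` is required; the `basic` object is optional at schema
      # level even when `type` is `basic`.
      authentication:
        description: authentication specifies the authentication
          configuration for the Connect cluster.
        properties:
          basic:
            description: basic specifies the configuration for basic
              authentication.
            properties:
              # NOTE(review): confirm the JaaS debug logs cannot include
              # credentials before enabling this outside of troubleshooting.
              debug:
                description: debug enables the basic authentication
                  debug logs for JaaS configuration.
                type: boolean
              directoryPathInContainer:
                description: 'directoryPathInContainer allows to
                  pass the basic credential through a directory
                  path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                minLength: 1
                type: string
              restrictedRoles:
                description: restrictedRoles specify the restricted
                  roles on the server side only. Changes will be
                  only reflected in Control Center. This configuration
                  is ignored on the client side configuration.
                items:
                  type: string
                minItems: 1
                type: array
              roles:
                description: roles specify the roles on the server
                  side only. This configuration is ignored on the
                  client side configuration.
                items:
                  type: string
                type: array
              # Secret name: lowercase alphanumerics and '-', 1 to 30
              # characters.
              secretRef:
                description: 'secretRef defines secret reference
                  to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                maxLength: 30
                minLength: 1
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
            type: object
          type:
            description: type specifies the authentication scheme
              for the REST API client. Valid options are `basic`
              and `mtls`.
            enum:
            - basic
            - mtls
            type: string
        required:
        - type
        type: object
      name:
        description: name specifies the Connect cluster name.
        minLength: 1
        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
        type: string
      tls:
        description: tls specifies the client-side TLS setting for
          the Connect cluster.
        properties:
          directoryPathInContainer:
            description: directoryPathInContainer specifies the
              directory path in the container where `keystore.jks`,
              `truststore.jks`, and `jksPassword.txt` keys are mounted.
              `truststore.jks` is not configured and can be ignored
              when the `ignoreTrustStoreConfig` field is set to
              `true`.
            minLength: 1
            type: string
          enabled:
            description: enabled specifies to enable the TLS configuration
              for the Confluent component.
            type: boolean
          # NOTE(review): what the client trusts once the truststore
          # configuration is ignored is not stated here; confirm that the
          # server certificate is still verified.
          ignoreTrustStoreConfig:
            description: ignoreTrustStoreConfig indicates whether
              to ignore the truststore configuration for the Confluent
              component.
            type: boolean
          jksPassword:
            description: jksPassword references the secret containing
              the JKS password.
            properties:
              secretRef:
                description: 'secretRef references the name of the
                  secret containing the JKS password. More info:
                  https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                maxLength: 30
                minLength: 1
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
            required:
            - secretRef
            type: object
          secretRef:
            description: 'secretRef references the secret containing
              the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
            maxLength: 30
            minLength: 1
            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
            type: string
        required:
        - enabled
        type: object
      # NOTE(review): the pattern accepts `http://` as well as `https://` and
      # is independent of `tls.enabled` and of the authentication type, so the
      # schema alone does not prevent `basic` credentials being used with a
      # cleartext URL.
      url:
        description: url specifies the URL endpoint of the Connect
          cluster.
        minLength: 1
        pattern: ^https?://.*
        type: string
    required:
    - name
    - url
    type: object
  type: array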
|
||
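# spec.dependencies.kafka: how Control Center reaches and authenticates to the
# Kafka cluster. No property of this object is required by the schema.
# Nesting is restored relative to this key.
kafka:
  description: kafka defines the Kafka dependency configurations.
  properties:
    # NOTE(review): `type` is not tied to `tls.enabled` anywhere in this
    # schema. For password-based types such as `plain`, the credentials are
    # presumably only protected in transit when TLS is enabled - confirm the
    # operator rejects or warns on that combination.
    authentication:
      description: authentication defines the authentication for
        the Kafka cluster.
      properties:
        jaasConfig:
          description: jaasConfig specifies the Kafka client-side
            JaaS configuration.
          properties:
            secretRef:
              description: 'secretRef references the secret containing
                the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          required:
          - secretRef
          type: object
        # Both fields below are optional and not mutually exclusive at schema
        # level.
        jaasConfigPassThrough:
          description: jaasConfigPassThrough specifies another way
            to provide the Kafka client-side JaaS configuration.
          properties:
            directoryPathInContainer:
              description: 'directoryPathInContainer specifies the
                directory path in the container where required credentials
                are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
              minLength: 1
              type: string
            secretRef:
              description: 'secretRef references the secret containing
                the required credentials for authentication. More
                info: https://docs.confluent.io/operator/current/co-authenticate.html'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          type: object
        oauthbearer:
          description: oauthbearer is the authentication mechanism
            to provider principals. Only supported in RBAC deployment.
          properties:
            directoryPathInContainer:
              description: directoryPathInContainer specifies the
                directory path in the container where the credential
                is mounted.
              minLength: 1
              type: string
            secretRef:
              description: 'secretRef specifies the name of the
                secret that contains the credential. More info:
                https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          type: object
        type:
          description: type specifies the Kafka client authentication
            type. Valid options are `plain`, `oauthbearer`, `digest`,
            and `mtls`.
          enum:
          - plain
          - oauthbearer
          - digest
          - mtls
          type: string
      required:
      - type
      type: object
    # NOTE(review): this pattern has no `^`/`$` anchors (the `secretRef`
    # patterns do), so it only requires that a `host:port`-like substring
    # appears somewhere in the value.
    bootstrapEndpoint:
      description: bootstrapEndpoint specifies the Kafka bootstrap
        endpoint.
      minLength: 1
      pattern: .+:[0-9]+
      type: string
    # NOTE(review): `namespace` lets discovery target a cluster in another
    # namespace; confirm the operator's access to other namespaces is scoped
    # as intended.
    discovery:
      description: discovery specifies the capability to discover
        the Kafka cluster.
      properties:
        name:
          description: name is the name of the Confluent Platform
            component cluster.
          type: string
        namespace:
          description: namespace is where the Confluent Platform
            component is running. The default value is the namespace
            where CFK is running.
          type: string
        secretRef:
          description: secretRef is the name of the secret used
            to discover the Confluent Platform component.
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      required:
      - name
      type: object
    tls:
      description: tls defines the client-side TLS setting for the
        Kafka cluster.
      properties:
        directoryPathInContainer:
          description: directoryPathInContainer specifies the directory
            path in the container where `keystore.jks`, `truststore.jks`,
            and `jksPassword.txt` keys are mounted. `truststore.jks`
            is not configured and can be ignored when the `ignoreTrustStoreConfig`
            field is set to `true`.
          minLength: 1
          type: string
        enabled:
          description: enabled specifies to enable the TLS configuration
            for the Confluent component.
          type: boolean
        # NOTE(review): what the client trusts once the truststore
        # configuration is ignored is not stated here; confirm that the broker
        # certificate is still verified.
        ignoreTrustStoreConfig:
          description: ignoreTrustStoreConfig indicates whether
            to ignore the truststore configuration for the Confluent
            component.
          type: boolean
        jksPassword:
          description: jksPassword references the secret containing
            the JKS password.
          properties:
            secretRef:
              description: 'secretRef references the name of the
                secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          required:
          - secretRef
          type: object
        secretRef:
          description: 'secretRef references the secret containing
            the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      required:
      - enabled
      type: object
  type: object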
|
||
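# spec.dependencies.ksqldb: list of ksqlDB clusters Control Center connects to;
# each item requires `name` and `url`. Nesting is restored relative to this
# key.
ksqldb:
  description: ksqldb defines the ksqlDB dependency configurations.
  items:
    description: ControlCenterKSQLDependency defines the ksqlDB
      dependency settings.
    properties:
      # NOTE(review): accepts `http://` as well as `https://`. This is the URL
      # handed to the browser, so a cleartext value means browser traffic to
      # ksqlDB is unencrypted.
      advertisedUrl:
        description: advertisedUrl specifies the advertised URL
          to use in the browser.
        minLength: 1
        pattern: ^https?://.*
        type: string
      authentication:
        description: authentication specifies the authentication
          for the ksqlDB cluster.
        properties:
          basic:
            description: basic specifies the configuration for basic
              authentication.
            properties:
              # NOTE(review): confirm the JaaS debug logs cannot include
              # credentials before enabling this outside of troubleshooting.
              debug:
                description: debug enables the basic authentication
                  debug logs for JaaS configuration.
                type: boolean
              directoryPathInContainer:
                description: 'directoryPathInContainer allows to
                  pass the basic credential through a directory
                  path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                minLength: 1
                type: string
              restrictedRoles:
                description: restrictedRoles specify the restricted
                  roles on the server side only. Changes will be
                  only reflected in Control Center. This configuration
                  is ignored on the client side configuration.
                items:
                  type: string
                minItems: 1
                type: array
              roles:
                description: roles specify the roles on the server
                  side only. This configuration is ignored on the
                  client side configuration.
                items:
                  type: string
                type: array
              secretRef:
                description: 'secretRef defines secret reference
                  to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                maxLength: 30
                minLength: 1
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
            type: object
          type:
            description: type specifies the authentication scheme
              for the REST API client. Valid options are `basic`
              and `mtls`.
            enum:
            - basic
            - mtls
            type: string
        required:
        - type
        type: object
      # NOTE(review): no `pattern` here; the only constraint on this name is
      # `minLength: 1`.
      name:
        description: name specifies the ksqlDB cluster name.
        minLength: 1
        type: string
      tls:
        description: tls specifies the client-side TLS setting for
          the ksqlDB cluster.
        properties:
          directoryPathInContainer:
            description: directoryPathInContainer specifies the
              directory path in the container where `keystore.jks`,
              `truststore.jks`, and `jksPassword.txt` keys are mounted.
              `truststore.jks` is not configured and can be ignored
              when the `ignoreTrustStoreConfig` field is set to
              `true`.
            minLength: 1
            type: string
          enabled:
            description: enabled specifies to enable the TLS configuration
              for the Confluent component.
            type: boolean
          # NOTE(review): what the client trusts once the truststore
          # configuration is ignored is not stated here; confirm that the
          # server certificate is still verified.
          ignoreTrustStoreConfig:
            description: ignoreTrustStoreConfig indicates whether
              to ignore the truststore configuration for the Confluent
              component.
            type: boolean
          jksPassword:
            description: jksPassword references the secret containing
              the JKS password.
            properties:
              secretRef:
                description: 'secretRef references the name of the
                  secret containing the JKS password. More info:
                  https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                maxLength: 30
                minLength: 1
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
            required:
            - secretRef
            type: object
          secretRef:
            description: 'secretRef references the secret containing
              the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
            maxLength: 30
            minLength: 1
            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
            type: string
        required:
        - enabled
        type: object
      # NOTE(review): accepts `http://` as well as `https://`, independent of
      # `tls.enabled` and of the authentication type.
      url:
        description: url specifies the URL endpoint of the ksqlDB
          cluster.
        minLength: 1
        pattern: ^https?://.*
        type: string
    required:
    - name
    - url
    type: object
  type: array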
|
||
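# spec.dependencies.mds: connection to the MDS used for RBAC. `authentication`,
# `endpoint` and `tokenKeyPair` are required; `tls` is optional. Nesting is
# restored relative to this key.
mds:
  description: mds defines the RBAC dependency configurations.
  properties:
    # `bearer` is the only accepted type, and both `bearer` and `type` are
    # required.
    authentication:
      description: authentication specifies the client side authentication
        configuration for the MDS.
      properties:
        # The bearer credential comes from a mounted directory or a named
        # Secret; both are optional at schema level.
        bearer:
          description: bearer specifies the bearer authentication
            settings.
          properties:
            directoryPathInContainer:
              description: directoryPathInContainer specifies the
                directory path in the container where the credential
                is mounted.
              minLength: 1
              type: string
            secretRef:
              description: 'secretRef specifies the name of the
                secret that contains the credential. More info:
                https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          type: object
        type:
          description: type specifies the authentication method
            for the MDS. The valid option is `bearer`.
          enum:
          - bearer
          type: string
      required:
      - bearer
      - type
      type: object
    # NOTE(review): the pattern accepts `http://` as well as `https://`, and
    # `tls` is not required, while bearer authentication is mandatory. The
    # schema alone therefore does not prevent the bearer credential being sent
    # to a cleartext endpoint - confirm the operator or deployment policy does.
    endpoint:
      description: endpoint specifies the MDS endpoint.
      minLength: 1
      pattern: ^https?://.*
      type: string
    tls:
      description: ClientTLSConfig specifies the TLS configuration
        for the Confluent component (dependencies, listeners).
      properties:
        directoryPathInContainer:
          description: directoryPathInContainer specifies the directory
            path in the container where `keystore.jks`, `truststore.jks`,
            and `jksPassword.txt` keys are mounted. `truststore.jks`
            is not configured and can be ignored when the `ignoreTrustStoreConfig`
            field is set to `true`.
          minLength: 1
          type: string
        enabled:
          description: enabled specifies to enable the TLS configuration
            for the Confluent component.
          type: boolean
        # NOTE(review): what the client trusts once the truststore
        # configuration is ignored is not stated here; confirm that the MDS
        # certificate is still verified.
        ignoreTrustStoreConfig:
          description: ignoreTrustStoreConfig indicates whether
            to ignore the truststore configuration for the Confluent
            component.
          type: boolean
        jksPassword:
          description: jksPassword references the secret containing
            the JKS password.
          properties:
            secretRef:
              description: 'secretRef references the name of the
                secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          required:
          - secretRef
          type: object
        secretRef:
          description: 'secretRef references the secret containing
            the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      required:
      - enabled
      type: object
    # The referenced Secret or directory holds the MDS token key pair, so
    # read access to it should be limited accordingly. The object is required,
    # but neither of its fields is required by the schema.
    tokenKeyPair:
      description: tokenKeyPair specifies the token keypair to configure
        the MDS.
      properties:
        directoryPathInContainer:
          description: directoryPathInContainer defines the directory
            path in the container where the MDS token key pair are
            mounted.
          minLength: 1
          type: string
        secretRef:
          description: secretRef references the name of the secret
            that contains the MDS token key pair.
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      type: object
  required:
  - authentication
  - endpoint
  - tokenKeyPair
  type: object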
|
||
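# spec.dependencies.schemaRegistry: the primary Schema Registry connection
# (`url` is required) plus an optional `clusters` list of further registries.
# Nesting is restored relative to this key.
schemaRegistry:
  description: schemaRegistry defines the Schema Registry dependency
    configurations.
  properties:
    authentication:
      description: authentication specifies the authentication for
        the Schema Registry cluster.
      properties:
        basic:
          description: basic specifies the configuration for basic
            authentication.
          properties:
            # NOTE(review): confirm the JaaS debug logs cannot include
            # credentials before enabling this outside of troubleshooting.
            debug:
              description: debug enables the basic authentication
                debug logs for JaaS configuration.
              type: boolean
            directoryPathInContainer:
              description: 'directoryPathInContainer allows to pass
                the basic credential through a directory path in
                the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
              minLength: 1
              type: string
            restrictedRoles:
              description: restrictedRoles specify the restricted
                roles on the server side only. Changes will be only
                reflected in Control Center. This configuration
                is ignored on the client side configuration.
              items:
                type: string
              minItems: 1
              type: array
            roles:
              description: roles specify the roles on the server
                side only. This configuration is ignored on the
                client side configuration.
              items:
                type: string
              type: array
            secretRef:
              description: 'secretRef defines secret reference to
                pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          type: object
        type:
          description: type specifies the authentication scheme
            for the REST API client. Valid options are `basic` and
            `mtls`.
          enum:
          - basic
          - mtls
          type: string
      required:
      - type
      type: object
    # Additional Schema Registry clusters; each item requires `name` and
    # `url`. The list itself carries no description in this schema.
    clusters:
      items:
        description: ControlCenterMultiSchemaRegistryDependency
          defines the Schema Registry dependency List.
        properties:
          authentication:
            description: authentication specifies the authentication
              for the Schema Registry cluster.
            properties:
              basic:
                description: basic specifies the configuration for
                  basic authentication.
                properties:
                  # NOTE(review): confirm the JaaS debug logs cannot include
                  # credentials before enabling this.
                  debug:
                    description: debug enables the basic authentication
                      debug logs for JaaS configuration.
                    type: boolean
                  directoryPathInContainer:
                    description: 'directoryPathInContainer allows
                      to pass the basic credential through a directory
                      path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                    minLength: 1
                    type: string
                  restrictedRoles:
                    description: restrictedRoles specify the restricted
                      roles on the server side only. Changes will
                      be only reflected in Control Center. This
                      configuration is ignored on the client side
                      configuration.
                    items:
                      type: string
                    minItems: 1
                    type: array
                  roles:
                    description: roles specify the roles on the
                      server side only. This configuration is ignored
                      on the client side configuration.
                    items:
                      type: string
                    type: array
                  secretRef:
                    description: 'secretRef defines secret reference
                      to pass the required credentials. More info:
                      https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
                    maxLength: 30
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                type: object
              type:
                description: type specifies the authentication scheme
                  for the REST API client. Valid options are `basic`
                  and `mtls`.
                enum:
                - basic
                - mtls
                type: string
            required:
            - type
            type: object
          name:
            description: name defines the Schema Registry cluster
              name.
            minLength: 1
            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
            type: string
          tls:
            description: tls defines the client-side TLS setting
              for the Schema Registry cluster.
            properties:
              directoryPathInContainer:
                description: directoryPathInContainer specifies
                  the directory path in the container where `keystore.jks`,
                  `truststore.jks`, and `jksPassword.txt` keys are
                  mounted. `truststore.jks` is not configured and
                  can be ignored when the `ignoreTrustStoreConfig`
                  field is set to `true`.
                minLength: 1
                type: string
              enabled:
                description: enabled specifies to enable the TLS
                  configuration for the Confluent component.
                type: boolean
              # NOTE(review): confirm the server certificate is still
              # verified when the truststore configuration is ignored.
              ignoreTrustStoreConfig:
                description: ignoreTrustStoreConfig indicates whether
                  to ignore the truststore configuration for the
                  Confluent component.
                type: boolean
              jksPassword:
                description: jksPassword references the secret containing
                  the JKS password.
                properties:
                  secretRef:
                    description: 'secretRef references the name
                      of the secret containing the JKS password.
                      More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                    maxLength: 30
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                required:
                - secretRef
                type: object
              secretRef:
                description: 'secretRef references the secret containing
                  the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
                maxLength: 30
                minLength: 1
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
            required:
            - enabled
            type: object
          # NOTE(review): accepts `http://` as well as `https://`,
          # independent of `tls.enabled` and of the authentication type.
          url:
            description: url specifies the URL endpoint of the Schema
              Registry cluster.
            minLength: 1
            pattern: ^https?://.*
            type: string
        required:
        - name
        - url
        type: object
      type: array
    tls:
      description: tls defines the client-side TLS setting for the
        Schema Registry cluster.
      properties:
        directoryPathInContainer:
          description: directoryPathInContainer specifies the directory
            path in the container where `keystore.jks`, `truststore.jks`,
            and `jksPassword.txt` keys are mounted. `truststore.jks`
            is not configured and can be ignored when the `ignoreTrustStoreConfig`
            field is set to `true`.
          minLength: 1
          type: string
        enabled:
          description: enabled specifies to enable the TLS configuration
            for the Confluent component.
          type: boolean
        # NOTE(review): confirm the server certificate is still verified when
        # the truststore configuration is ignored.
        ignoreTrustStoreConfig:
          description: ignoreTrustStoreConfig indicates whether
            to ignore the truststore configuration for the Confluent
            component.
          type: boolean
        jksPassword:
          description: jksPassword references the secret containing
            the JKS password.
          properties:
            secretRef:
              description: 'secretRef references the name of the
                secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
              maxLength: 30
              minLength: 1
              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
              type: string
          required:
          - secretRef
          type: object
        secretRef:
          description: 'secretRef references the secret containing
            the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      required:
      - enabled
      type: object
    # NOTE(review): accepts `http://` as well as `https://`, independent of
    # `tls.enabled` and of the authentication type, so the schema alone does
    # not prevent `basic` credentials being used with a cleartext URL.
    url:
      description: url specifies the URL endpoint of the Schema
        Registry cluster.
      minLength: 1
      pattern: ^https?://.*
      type: string
  required:
  - url
  type: object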
|
||
type: object
|
||
externalAccess:
|
||
description: externalAccess specifies the external access configuration
|
||
for the Control Center cluster.
|
||
properties:
|
||
loadBalancer:
|
||
description: loadBalancer specifies the configuration to create
|
||
a Kubernetes load balancer service.
|
||
properties:
|
||
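# Properties of spec.externalAccess.loadBalancer, from `advertisedURL` through
# `sessionAffinity`. Nesting is restored relative to these sibling keys; the
# enclosing `loadBalancer` object continues beyond this excerpt.
advertisedURL:
  description: 'advertisedURL specifies the configuration for
    advertised listener per pod. It is only supported for MDS
    currently. If it is enabled, instead of using internal endpoint,
    the MDS advertised listener for each broker will be set
    to: `<httpSchema>://<advertisedUrl.prefix><podId>.<domain>`
    where podId starts from `0` to `replicaCount -1`. This is
    only recommended if you cannot add internal SANs to the
    TLS certificates for MDS and the external DNS must be resolved
    inside the Kubernetes cluster.'
  properties:
    enabled:
      description: enabled indicates whether to set the MDS
        advertised listener url with external endpoint for each
        broker.
      type: boolean
    prefix:
      description: prefix specifies the broker prefix for MDS
        advertised endpoint if using loadBalancer external access.
        If not configured, it uses `b` as default prefix, such
        as `b#.domain` where `#` will start from `0` to `replicaCount
        -1`.
      minLength: 1
      type: string
  required:
  - enabled
  type: object
# NOTE(review): free-form string map passed to the Service. Cloud providers
# commonly use Service annotations to select load balancer behaviour, so
# changes here deserve the same review as the other exposure settings.
annotations:
  additionalProperties:
    type: string
  description: annotations is a map of string key and value
    pairs. It specifies Kubernetes annotations for this service.
  type: object
  x-kubernetes-map-type: granular
domain:
  description: domain is the domain name of the component cluster.
  minLength: 1
  type: string
externalTrafficPolicy:
  description: externalTrafficPolicy specifies the external
    traffic policy for the service. Valid options are `Local`
    and `Cluster`.
  enum:
  - Local
  - Cluster
  type: string
labels:
  additionalProperties:
    type: string
  description: labels is a map of string key and value pairs.
    It specifies Kubernetes labels for this service.
  type: object
  x-kubernetes-map-type: granular
# NOTE(review): this is the only source-address restriction in this object.
# It is optional and its items are unvalidated strings (no CIDR pattern).
# When it is omitted, a LoadBalancer Service is typically reachable from any
# source address the provider allows - confirm for the target platform and
# set explicit ranges where Control Center should not be publicly reachable.
loadBalancerSourceRanges:
  description: loadBalancerSourceRanges specify the source ranges.
  items:
    type: string
  type: array
# NOTE(review): no minimum/maximum is declared for this port.
port:
  description: port specifies the external port for the client
    consumption. If not configured, the same internal/external
    port is configured for the component. Information about
    the port can be retrieved through the status API.
  format: int32
  type: integer
prefix:
  description: prefix specify the prefix for the given domain.
    The default value is the name of the cluster.
  minLength: 1
  type: string
# User-provided Service ports; each item requires `port`.
servicePorts:
  description: servicePorts specify the user-provided service
    port(s).
  items:
    description: ServicePort contains information on service's
      port.
    properties:
      appProtocol:
        description: The application protocol for this port.
          This field follows standard Kubernetes label syntax.
          Un-prefixed names are reserved for IANA standard service
          names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
          Non-standard protocols should use prefixed names such
          as mycompany.com/my-custom-protocol.
        type: string
      name:
        description: The name of this port within the service.
          This must be a DNS_LABEL. All ports within a ServiceSpec
          must have unique names. When considering the endpoints
          for a Service, this must match the 'name' field in
          the EndpointPort. Optional if only one ServicePort
          is defined on this service.
        type: string
      nodePort:
        description: 'The port on each node on which this service
          is exposed when type is NodePort or LoadBalancer. Usually
          assigned by the system. If a value is specified, in-range,
          and not in use it will be used, otherwise the operation
          will fail. If not specified, a port will be allocated
          if this Service requires one. If this field is specified
          when creating a Service which does not need it, creation
          will fail. This field will be wiped when updating
          a Service to no longer need it (e.g. changing type
          from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
        format: int32
        type: integer
      port:
        description: The port that will be exposed by this service.
        format: int32
        type: integer
      # The description lists "TCP", "UDP" and "SCTP", but no enum enforces
      # that list in this schema.
      protocol:
        default: TCP
        description: The IP protocol for this port. Supports
          "TCP", "UDP", and "SCTP". Default is TCP.
        type: string
      targetPort:
        anyOf:
        - type: integer
        - type: string
        description: 'Number or name of the port to access on
          the pods targeted by the service. Number must be in
          the range 1 to 65535. Name must be an IANA_SVC_NAME.
          If this is a string, it will be looked up as a named
          port in the target Pod''s container ports. If this
          is not specified, the value of the ''port'' field
          is used (an identity map). This field is ignored for
          services with clusterIP=None, and should be omitted
          or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
        x-kubernetes-int-or-string: true
    required:
    - port
    type: object
  type: array
sessionAffinity:
  description: 'sessionAffinity defines the Kubernetes session
    affinity. The valid options are `ClientIP` and `None`. `ClientIP`
    enables the client IP-based session affinity. The default
    value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
  enum:
  - ClientIP
  - None
  type: string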
|
||
sessionAffinityConfig:
|
||
description: SessionAffinityConfig contains the configurations
|
||
of the session affinity.
|
||
properties:
|
||
clientIP:
|
||
description: clientIP contains the configurations of Client
|
||
IP based session affinity.
|
||
properties:
|
||
timeoutSeconds:
|
||
description: timeoutSeconds specifies the seconds
|
||
of ClientIP type session sticky time. The value
|
||
must be >0 && <=86400(for 1 day) if ServiceAffinity
|
||
== "ClientIP". Default value is 10800(for 3 hours).
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
type: object
|
||
required:
|
||
- domain
|
||
type: object
|
||
nodePort:
|
||
description: nodePort specifies the configuration to create a
|
||
Kubernetes node port service.
|
||
properties:
|
||
advertisedURL:
|
||
description: advertisedURL specifies the configuration for
|
||
advertised listener per pod. It is only supported for MDS
|
||
currently. If it is enabled, instead of using internal endpoint,
|
||
the MDS advertised listener for each broker will be set
|
||
to `<httpSchema>://<host>:<nodePortOffset + podId + 1>`,
where `podId` starts from `0` to `replicaCount - 1`. This
|
||
is only recommended if you cannot add internal SANs to the
|
||
TLS certificates for MDS and the external DNS must be resolved
|
||
inside the Kubernetes cluster.
|
||
properties:
|
||
enabled:
|
||
description: enabled indicates whether to set the MDS
|
||
advertised listener url with external endpoint for each
|
||
broker.
|
||
type: boolean
|
||
prefix:
|
||
description: prefix specifies the broker prefix for MDS
|
||
advertised endpoint if using loadBalancer external access.
|
||
If not configured, it uses `b` as default prefix, such
|
||
as `b#.domain` where `#` will start from `0` to `replicaCount
|
||
-1`.
|
||
minLength: 1
|
||
type: string
|
||
required:
|
||
- enabled
|
||
type: object
|
||
annotations:
|
||
additionalProperties:
|
||
type: string
|
||
description: annotations is a map of string key and value
|
||
pairs. It specifies Kubernetes annotations for this service.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
externalTrafficPolicy:
|
||
description: externalTrafficPolicy specifies the external
|
||
traffic policy for the service. Valid options are `Local`
|
||
and `Cluster`.
|
||
enum:
|
||
- Local
|
||
- Cluster
|
||
type: string
|
||
host:
|
||
description: host defines the host name of the cluster.
|
||
minLength: 1
|
||
type: string
|
||
labels:
|
||
additionalProperties:
|
||
type: string
|
||
description: labels is a map of string key and value pairs.
|
||
It specifies Kubernetes labels for this service.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
nodePortOffset:
|
||
description: nodePortOffset specifies the starting offset
|
||
of the node ports. The port numbers go in ascending order
|
||
with respect to the replicas count. NodePort service creation
|
||
fails if the node port is not in the range supported by
|
||
the Kubernetes API server. The default Kubernetes Node Port
|
||
range is `30000` - `32762`.
|
||
format: int32
|
||
minimum: 0
|
||
type: integer
|
||
servicePorts:
|
||
description: servicePorts specify user-provided service port(s).
|
||
For Kafka with the nodePort type, this setting is only applied
|
||
to Kafka bootstrap service.
|
||
items:
|
||
description: ServicePort contains information on service's
|
||
port.
|
||
properties:
|
||
appProtocol:
|
||
description: The application protocol for this port.
|
||
This field follows standard Kubernetes label syntax.
|
||
Un-prefixed names are reserved for IANA standard service
|
||
names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
|
||
Non-standard protocols should use prefixed names such
|
||
as mycompany.com/my-custom-protocol.
|
||
type: string
|
||
name:
|
||
description: The name of this port within the service.
|
||
This must be a DNS_LABEL. All ports within a ServiceSpec
|
||
must have unique names. When considering the endpoints
|
||
for a Service, this must match the 'name' field in
|
||
the EndpointPort. Optional if only one ServicePort
|
||
is defined on this service.
|
||
type: string
|
||
nodePort:
|
||
description: 'The port on each node on which this service
|
||
is exposed when type is NodePort or LoadBalancer. Usually
|
||
assigned by the system. If a value is specified, in-range,
|
||
and not in use it will be used, otherwise the operation
|
||
will fail. If not specified, a port will be allocated
|
||
if this Service requires one. If this field is specified
|
||
when creating a Service which does not need it, creation
|
||
will fail. This field will be wiped when updating
|
||
a Service to no longer need it (e.g. changing type
|
||
from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
|
||
format: int32
|
||
type: integer
|
||
port:
|
||
description: The port that will be exposed by this service.
|
||
format: int32
|
||
type: integer
|
||
protocol:
|
||
default: TCP
|
||
description: The IP protocol for this port. Supports
|
||
"TCP", "UDP", and "SCTP". Default is TCP.
|
||
type: string
|
||
targetPort:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
description: 'Number or name of the port to access on
|
||
the pods targeted by the service. Number must be in
|
||
the range 1 to 65535. Name must be an IANA_SVC_NAME.
|
||
If this is a string, it will be looked up as a named
|
||
port in the target Pod''s container ports. If this
|
||
is not specified, the value of the ''port'' field
|
||
is used (an identity map). This field is ignored for
|
||
services with clusterIP=None, and should be omitted
|
||
or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
|
||
x-kubernetes-int-or-string: true
|
||
required:
|
||
- port
|
||
type: object
|
||
type: array
|
||
sessionAffinity:
|
||
description: 'sessionAffinity defines the Kubernetes session
|
||
affinity. The valid options are `ClientIP` and `None`. `ClientIP`
|
||
enables the client IP-based session affinity. The default
|
||
value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
|
||
enum:
|
||
- ClientIP
|
||
- None
|
||
type: string
|
||
sessionAffinityConfig:
|
||
description: SessionAffinityConfig contains the configurations
|
||
of the session affinity.
|
||
properties:
|
||
clientIP:
|
||
description: clientIP contains the configurations of Client
|
||
IP based session affinity.
|
||
properties:
|
||
timeoutSeconds:
|
||
description: timeoutSeconds specifies the seconds
|
||
of ClientIP type session sticky time. The value
|
||
must be >0 && <=86400(for 1 day) if ServiceAffinity
|
||
== "ClientIP". Default value is 10800(for 3 hours).
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
type: object
|
||
required:
|
||
- host
|
||
- nodePortOffset
|
||
type: object
|
||
route:
|
||
description: route specifies the configuration to create a route
|
||
service in OpenShift.
|
||
properties:
|
||
annotations:
|
||
additionalProperties:
|
||
type: string
|
||
description: annotations is a map of string key and value
|
||
pairs. It specifies Kubernetes annotations for this service.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
domain:
|
||
description: domain specifies the domain name of the Confluent
|
||
component cluster.
|
||
minLength: 1
|
||
type: string
|
||
labels:
|
||
additionalProperties:
|
||
type: string
|
||
description: labels is a map of string key and value pairs.
|
||
It specifies Kubernetes labels for this service.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
prefix:
|
||
description: prefix specifies the component prefix when configured
|
||
for the domain. The default value is the name of the cluster.
|
||
minLength: 1
|
||
type: string
|
||
wildcardPolicy:
|
||
description: wildcardPolicy allows you to define a route that
|
||
covers all hosts within a domain. Valid options are `Subdomain`
|
||
and `None`. The default value is `None`.
|
||
enum:
|
||
- Subdomain
|
||
- None
|
||
type: string
|
||
required:
|
||
- domain
|
||
type: object
|
||
type:
|
||
description: type specifies the Kubernetes external service for
|
||
the component. Valid options are `loadBalancer`, `nodePort`,
|
||
and `route`.
|
||
enum:
|
||
- loadBalancer
|
||
- nodePort
|
||
- route
|
||
minLength: 1
|
||
type: string
|
||
required:
|
||
- type
|
||
type: object
|
||
headlessService:
|
||
description: headlessService specifies the configuration of the Kubernetes
|
||
headless service.
|
||
properties:
|
||
annotations:
|
||
additionalProperties:
|
||
type: string
|
||
description: annotations is a map of string key and value pairs.
|
||
It specifies the annotations to be added to the CFK-created
|
||
headless service. These annotations are merged with the injectAnnotations
|
||
and take precedence.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
labels:
|
||
additionalProperties:
|
||
type: string
|
||
description: labels is a map of string key and value pairs. It
|
||
specifies the labels to be added to the CFK-created headless
|
||
service. These labels are merged with the injectLabels and take
|
||
precedence.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
publishNotReadyAddresses:
|
||
description: publishNotReadyAddresses specifies the publishNotReadyAddresses
|
||
field. For Kafka, this value must be true. The default value
|
||
is true.
|
||
type: boolean
|
||
type: object
|
||
id:
|
||
description: id specifies the prefix used for this instance of Control
|
||
Center when multiple instances of Control Center co-exist.
|
||
format: int32
|
||
type: integer
|
||
image:
|
||
description: image specifies the application and the init docker image
|
||
configurations. A change to this setting will roll the cluster.
|
||
properties:
|
||
application:
|
||
description: application is the Docker image name of the application.
|
||
Specify `<Docker-registry FQDN>/<docker-repository-name>/<component-image-name>:<tag>`.
|
||
pattern: .+:.+
|
||
type: string
|
||
init:
|
||
description: init is the init-container name. Specify `<Docker-registry
|
||
FQDN>/<docker-repository-name>/<init-container-image-name>:<tag>`.
|
||
pattern: .+:.+
|
||
type: string
|
||
pullPolicy:
|
||
description: pullPolicy is the policy for pulling images. Valid
|
||
options are `Always`, `Never`, and `IfNotPresent`. The default
|
||
value is `IfNotPresent`.
|
||
enum:
|
||
- Always
|
||
- Never
|
||
- IfNotPresent
|
||
type: string
|
||
pullSecretRef:
|
||
description: 'pullSecretRef references the secrets in the same
|
||
namespace to be used for pulling images. Image pull secrets
|
||
are distinct from secrets because secrets can be mounted in
|
||
the pod, but image pull secrets are only accessed by `kubelet`.
|
||
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- application
|
||
- init
|
||
type: object
|
||
injectAnnotations:
|
||
additionalProperties:
|
||
type: string
|
||
description: injectAnnotations are the annotations injected to the
|
||
internal resources that CFK created. The internal annotations are
|
||
preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
injectLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: injectLabels are the labels injected to the internal
|
||
resources that CFK created. The internal labels are preserved and
|
||
cannot be overridden. For pod labels, use `podTemplate.labels`.
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
internalTopicReplicatorFactor:
|
||
description: internalTopicReplicatorFactor specifies the replication
|
||
factor for internal topics.
|
||
format: int32
|
||
type: integer
|
||
k8sClusterDomain:
|
||
description: k8sClusterDomain specifies the configuration of the Kubernetes
|
||
cluster domain. The default is the `cluster.local` domain.
|
||
type: string
|
||
license:
|
||
description: license specifies the license configuration for the Confluent
|
||
Platform component.
|
||
properties:
|
||
directoryPathInContainer:
|
||
description: 'directoryPathInContainer specifies the directory
|
||
path in the container where the license key is mounted. More
|
||
info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
|
||
minLength: 1
|
||
type: string
|
||
globalLicense:
|
||
description: globalLicense specifies whether the Confluent Platform
|
||
component shares the common global license.
|
||
type: boolean
|
||
secretRef:
|
||
description: 'secretRef references the secret that provides the
|
||
license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
type: object
|
||
mail:
|
||
description: mail specifies the settings that control the SMTP server
|
||
and account used when an alert triggers an email action.
|
||
properties:
|
||
authentication:
|
||
description: authentication specifies the authentication for SMTP.
|
||
SMTP only supports basic authentication. For other types of authentication,
|
||
use the config overrides capability.
|
||
properties:
|
||
basic:
|
||
description: basic specifies the configuration for basic authentication.
|
||
properties:
|
||
debug:
|
||
description: debug enables the basic authentication debug
|
||
logs for JaaS configuration.
|
||
type: boolean
|
||
directoryPathInContainer:
|
||
description: 'directoryPathInContainer allows passing
|
||
the basic credential through a directory path in the
|
||
container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
|
||
minLength: 1
|
||
type: string
|
||
restrictedRoles:
|
||
description: restrictedRoles specify the restricted roles
|
||
on the server side only. Changes will be only reflected
|
||
in Control Center. This configuration is ignored on
|
||
the client side configuration.
|
||
items:
|
||
type: string
|
||
minItems: 1
|
||
type: array
|
||
roles:
|
||
description: roles specify the roles on the server side
|
||
only. This configuration is ignored on the client side
|
||
configuration.
|
||
items:
|
||
type: string
|
||
type: array
|
||
secretRef:
|
||
description: 'secretRef defines secret reference to pass
|
||
the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
type: object
|
||
type:
|
||
description: type specifies the authentication scheme for
|
||
the REST API client. Valid options are `basic` and `mtls`.
|
||
enum:
|
||
- basic
|
||
- mtls
|
||
type: string
|
||
required:
|
||
- type
|
||
type: object
|
||
checkServerIdentity:
|
||
description: checkServerIdentity forces validation of server’s
|
||
certificate when using STARTTLS or SSL.
|
||
type: boolean
|
||
hostname:
|
||
description: hostname is the hostname of the outgoing SMTP server.
|
||
minLength: 1
|
||
type: string
|
||
mailBounceAddress:
|
||
description: mailBounceAddress is the override for the `mailFrom`
|
||
config to send message.
|
||
minLength: 1
|
||
type: string
|
||
mailFrom:
|
||
description: mailFrom is the originating address for emails sent
|
||
from the Control Center.
|
||
minLength: 1
|
||
type: string
|
||
port:
|
||
description: port is the SMTP port open on the hostname.
|
||
format: int32
|
||
type: integer
|
||
startTLSRequired:
|
||
description: startTLSRequired forces using STARTTLS.
|
||
type: boolean
|
||
required:
|
||
- hostname
|
||
type: object
|
||
metrics:
|
||
description: metrics specify the security settings for the metric
|
||
services.
|
||
properties:
|
||
authentication:
|
||
description: authentication specifies the authentication configuration
|
||
for the metrics.
|
||
properties:
|
||
type:
|
||
description: type specifies the metrics authentication method.
|
||
The valid option is `mtls`.
|
||
enum:
|
||
- mtls
|
||
type: string
|
||
required:
|
||
- type
|
||
type: object
|
||
prometheus:
|
||
description: prometheus specifies the configuration overrides
|
||
for the JMX-Prometheus exporter.
|
||
properties:
|
||
blacklist:
|
||
items:
|
||
type: string
|
||
type: array
|
||
rules:
|
||
items:
|
||
description: Rule defines the Prometheus Exporter rule override.
|
||
properties:
|
||
attrNameSnakeCase:
|
||
type: boolean
|
||
cache:
|
||
type: boolean
|
||
help:
|
||
minLength: 1
|
||
type: string
|
||
labels:
|
||
additionalProperties:
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: granular
|
||
name:
|
||
minLength: 1
|
||
type: string
|
||
pattern:
|
||
minLength: 1
|
||
type: string
|
||
type:
|
||
minLength: 1
|
||
type: string
|
||
value:
|
||
minLength: 1
|
||
type: string
|
||
valueFactor:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
default: 1
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
type: object
|
||
type: array
|
||
whitelist:
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
tls:
|
||
description: tls specifies the TLS configuration for the metrics.
|
||
properties:
|
||
directoryPathInContainer:
|
||
description: directoryPathInContainer specifies the directory
|
||
path in the container where `keystore.jks`, `truststore.jks`,
|
||
and `jksPassword.txt` keys are mounted. `truststore.jks`
|
||
is not configured and can be ignored when the `ignoreTrustStoreConfig`
|
||
field is set to `true`.
|
||
minLength: 1
|
||
type: string
|
||
enabled:
|
||
description: enabled specifies to enable the TLS configuration
|
||
for the Confluent component.
|
||
type: boolean
|
||
ignoreTrustStoreConfig:
|
||
description: ignoreTrustStoreConfig indicates whether to ignore
|
||
the truststore configuration for the Confluent component.
|
||
type: boolean
|
||
jksPassword:
|
||
description: jksPassword references the secret containing
|
||
the JKS password.
|
||
properties:
|
||
secretRef:
|
||
description: 'secretRef references the name of the secret
|
||
containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- secretRef
|
||
type: object
|
||
secretRef:
|
||
description: 'secretRef references the secret containing the
|
||
certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- enabled
|
||
type: object
|
||
type: object
|
||
monitoringKafkaClusters:
|
||
description: monitoringKafkaClusters specify the configurations for
|
||
the Kafka clusters that this Control Center monitors.
|
||
items:
|
||
description: MonitoringKafkaClusters defines the configuration of
|
||
the additional Kafka clusters the Control Center monitors.
|
||
properties:
|
||
authentication:
|
||
description: authentication defines the authentication for the
|
||
Kafka cluster.
|
||
properties:
|
||
jaasConfig:
|
||
description: jaasConfig specifies the Kafka client-side
|
||
JaaS configuration.
|
||
properties:
|
||
secretRef:
|
||
description: 'secretRef references the secret containing
|
||
the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- secretRef
|
||
type: object
|
||
jaasConfigPassThrough:
|
||
description: jaasConfigPassThrough specifies another way
|
||
to provide the Kafka client-side JaaS configuration.
|
||
properties:
|
||
directoryPathInContainer:
|
||
description: 'directoryPathInContainer specifies the
|
||
directory path in the container where required credentials
|
||
are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html'
|
||
minLength: 1
|
||
type: string
|
||
secretRef:
|
||
description: 'secretRef references the secret containing
|
||
the required credentials for authentication. More
|
||
info: https://docs.confluent.io/operator/current/co-authenticate.html'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
type: object
|
||
oauthbearer:
|
||
description: oauthbearer is the authentication mechanism
|
||
to provide principals. Only supported in RBAC deployment.
|
||
properties:
|
||
directoryPathInContainer:
|
||
description: directoryPathInContainer specifies the
|
||
directory path in the container where the credential
|
||
is mounted.
|
||
minLength: 1
|
||
type: string
|
||
secretRef:
|
||
description: 'secretRef specifies the name of the secret
|
||
that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
type: object
|
||
type:
|
||
description: type specifies the Kafka client authentication
|
||
type. Valid options are `plain`, `oauthbearer`, `digest`,
|
||
and `mtls`.
|
||
enum:
|
||
- plain
|
||
- oauthbearer
|
||
- digest
|
||
- mtls
|
||
type: string
|
||
required:
|
||
- type
|
||
type: object
|
||
bootstrapEndpoint:
|
||
description: bootstrapEndpoint specifies the Kafka bootstrap
|
||
endpoint.
|
||
minLength: 1
|
||
pattern: .+:[0-9]+
|
||
type: string
|
||
discovery:
|
||
description: discovery specifies the capability to discover
|
||
the Kafka cluster.
|
||
properties:
|
||
name:
|
||
description: name is the name of the Confluent Platform
|
||
component cluster.
|
||
type: string
|
||
namespace:
|
||
description: namespace is where the Confluent Platform component
|
||
is running. The default value is the namespace where CFK
|
||
is running.
|
||
type: string
|
||
secretRef:
|
||
description: secretRef is the name of the secret used to
|
||
discover the Confluent Platform component.
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- name
|
||
type: object
|
||
name:
|
||
description: name defines the Kafka cluster name.
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
tls:
|
||
description: tls defines the client-side TLS setting for the
|
||
Kafka cluster.
|
||
properties:
|
||
directoryPathInContainer:
|
||
description: directoryPathInContainer specifies the directory
|
||
path in the container where `keystore.jks`, `truststore.jks`,
|
||
and `jksPassword.txt` keys are mounted. `truststore.jks`
|
||
is not configured and can be ignored when the `ignoreTrustStoreConfig`
|
||
field is set to `true`.
|
||
minLength: 1
|
||
type: string
|
||
enabled:
|
||
description: enabled specifies to enable the TLS configuration
|
||
for the Confluent component.
|
||
type: boolean
|
||
ignoreTrustStoreConfig:
|
||
description: ignoreTrustStoreConfig indicates whether to
|
||
ignore the truststore configuration for the Confluent
|
||
component.
|
||
type: boolean
|
||
jksPassword:
|
||
description: jksPassword references the secret containing
|
||
the JKS password.
|
||
properties:
|
||
secretRef:
|
||
description: 'secretRef references the name of the secret
|
||
containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- secretRef
|
||
type: object
|
||
secretRef:
|
||
description: 'secretRef references the secret containing
|
||
the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- enabled
|
||
type: object
|
||
required:
|
||
- name
|
||
type: object
|
||
type: array
|
||
mountedSecrets:
|
||
description: 'mountedSecrets list the secrets injected to the underlying
|
||
statefulset configuration. The secret reference is mounted in the
|
||
default path `/mnt/secrets/<secret-name>`. The underlying resources
|
||
will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod.
|
||
A change to this setting will roll the cluster.'
|
||
items:
|
||
description: MountedSecrets provides a way to inject a custom secret
|
||
to the underlying statefulset.
|
||
properties:
|
||
keyItems:
|
||
description: keyItems are key and path names.
|
||
items:
|
||
description: Maps a string key to a path within a volume.
|
||
properties:
|
||
key:
|
||
description: The key to project.
|
||
type: string
|
||
mode:
|
||
description: 'Optional: mode bits used to set permissions
|
||
on this file. Must be an octal value between 0000 and
|
||
0777 or a decimal value between 0 and 511. YAML accepts
|
||
both octal and decimal values, JSON requires decimal
|
||
values for mode bits. If not specified, the volume defaultMode
|
||
will be used. This might be in conflict with other options
|
||
that affect the file mode, like fsGroup, and the result
|
||
can be other mode bits set.'
|
||
format: int32
|
||
type: integer
|
||
path:
|
||
description: The relative path of the file to map the
|
||
key to. May not be an absolute path. May not contain
|
||
the path element '..'. May not start with the string
|
||
'..'.
|
||
type: string
|
||
required:
|
||
- key
|
||
- path
|
||
type: object
|
||
type: array
|
||
secretRef:
|
||
description: secretRef references the name of the secret.
|
||
maxLength: 30
|
||
minLength: 1
|
||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||
type: string
|
||
required:
|
||
- secretRef
|
||
type: object
|
||
type: array
|
||
mountedVolumes:
|
||
description: mountedVolumes list the custom volumes that need to be
|
||
mounted into the underlying statefulset. A change to this setting
|
||
will roll the cluster.
|
||
properties:
|
||
volumeMounts:
|
||
description: volumeMounts specify the list of volume mounts for
|
||
the pods in the statefulset.
|
||
items:
|
||
description: VolumeMount describes a mounting of a Volume within
|
||
a container.
|
||
properties:
|
||
mountPath:
|
||
description: Path within the container at which the volume
|
||
should be mounted. Must not contain ':'.
|
||
type: string
|
||
mountPropagation:
|
||
description: mountPropagation determines how mounts are
|
||
propagated from the host to container and the other way
|
||
around. When not set, MountPropagationNone is used. This
|
||
field is beta in 1.10.
|
||
type: string
|
||
name:
|
||
description: This must match the Name of a Volume.
|
||
type: string
|
||
readOnly:
|
||
description: Mounted read-only if true, read-write otherwise
|
||
(false or unspecified). Defaults to false.
|
||
type: boolean
|
||
subPath:
|
||
description: Path within the volume from which the container's
|
||
volume should be mounted. Defaults to "" (volume's root).
|
||
type: string
|
||
subPathExpr:
|
||
description: Expanded path within the volume from which
|
||
the container's volume should be mounted. Behaves similarly
|
||
to SubPath but environment variable references $(VAR_NAME)
|
||
are expanded using the container's environment. Defaults
|
||
to "" (volume's root). SubPathExpr and SubPath are mutually
|
||
exclusive.
|
||
type: string
|
||
required:
|
||
- mountPath
|
||
- name
|
||
type: object
|
||
type: array
|
||
volumes:
|
||
description: volumes specify the list of volumes that can be mounted
|
||
into the pods of statefulset.
|
||
items:
|
||
description: Volume represents a named volume in a pod that
|
||
may be accessed by any container in the pod.
|
||
properties:
|
||
awsElasticBlockStore:
|
||
description: 'AWSElasticBlockStore represents an AWS Disk
|
||
resource that is attached to a kubelet''s host machine
|
||
and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
||
properties:
|
||
fsType:
|
||
description: 'Filesystem type of the volume that you
|
||
want to mount. Tip: Ensure that the filesystem type
|
||
is supported by the host operating system. Examples:
|
||
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
||
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
|
||
TODO: how do we prevent errors in the filesystem from
|
||
compromising the machine'
|
||
type: string
|
||
partition:
|
||
description: 'The partition in the volume that you want
|
||
to mount. If omitted, the default is to mount by volume
|
||
name. Examples: For volume /dev/sda1, you specify
|
||
the partition as "1". Similarly, the volume partition
|
||
for /dev/sda is "0" (or you can leave the property
|
||
empty).'
|
||
format: int32
|
||
type: integer
|
||
readOnly:
|
||
description: 'Specify "true" to force and set the ReadOnly
|
||
property in VolumeMounts to "true". If omitted, the
|
||
default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
||
type: boolean
|
||
volumeID:
|
||
description: 'Unique ID of the persistent disk resource
|
||
in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
||
type: string
|
||
required:
|
||
- volumeID
|
||
type: object
|
||
azureDisk:
|
||
description: AzureDisk represents an Azure Data Disk mount
|
||
on the host and bind mount to the pod.
|
||
properties:
|
||
cachingMode:
|
||
description: 'Host Caching mode: None, Read Only, Read
|
||
Write.'
|
||
type: string
|
||
diskName:
|
||
description: The Name of the data disk in the blob storage
|
||
type: string
|
||
diskURI:
|
||
description: The URI of the data disk in the blob storage
|
||
type: string
|
||
fsType:
|
||
description: Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Ex. "ext4",
|
||
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
||
unspecified.
|
||
type: string
|
||
kind:
|
||
description: 'Expected values Shared: multiple blob
|
||
disks per storage account Dedicated: single blob
|
||
disk per storage account Managed: azure managed data
|
||
disk (only in managed availability set). defaults
|
||
to shared'
|
||
type: string
|
||
readOnly:
|
||
description: Defaults to false (read/write). ReadOnly
|
||
here will force the ReadOnly setting in VolumeMounts.
|
||
type: boolean
|
||
required:
|
||
- diskName
|
||
- diskURI
|
||
type: object
|
||
azureFile:
|
||
description: AzureFile represents an Azure File Service
|
||
mount on the host and bind mount to the pod.
|
||
properties:
|
||
readOnly:
|
||
description: Defaults to false (read/write). ReadOnly
|
||
here will force the ReadOnly setting in VolumeMounts.
|
||
type: boolean
|
||
secretName:
|
||
description: the name of secret that contains Azure
|
||
Storage Account Name and Key
|
||
type: string
|
||
shareName:
|
||
description: Share Name
|
||
type: string
|
||
required:
|
||
- secretName
|
||
- shareName
|
||
type: object
|
||
cephfs:
|
||
description: CephFS represents a Ceph FS mount on the host
|
||
that shares a pod's lifetime
|
||
properties:
|
||
monitors:
|
||
description: 'Required: Monitors is a collection of
|
||
Ceph monitors. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
||
items:
|
||
type: string
|
||
type: array
|
||
path:
|
||
description: 'Optional: Used as the mounted root, rather
|
||
than the full Ceph tree, default is /'
|
||
type: string
|
||
readOnly:
|
||
description: 'Optional: Defaults to false (read/write).
|
||
ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
||
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
||
type: boolean
|
||
secretFile:
|
||
description: 'Optional: SecretFile is the path to key
|
||
ring for User, default is /etc/ceph/user.secret More
|
||
info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
||
type: string
|
||
secretRef:
|
||
description: 'Optional: SecretRef is reference to the
|
||
authentication secret for User, default is empty.
|
||
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
||
properties:
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind,
|
||
uid?'
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
user:
|
||
description: 'Optional: User is the rados user name,
|
||
default is admin. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
||
type: string
|
||
required:
|
||
- monitors
|
||
type: object
|
||
cinder:
|
||
description: 'Cinder represents a cinder volume attached
|
||
and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
||
properties:
|
||
fsType:
|
||
description: 'Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Examples:
|
||
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
||
if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
||
type: string
|
||
readOnly:
|
||
description: 'Optional: Defaults to false (read/write).
|
||
ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
||
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
||
type: boolean
|
||
secretRef:
|
||
description: 'Optional: points to a secret object containing
|
||
parameters used to connect to OpenStack.'
|
||
properties:
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind,
|
||
uid?'
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
volumeID:
|
||
description: 'volume id used to identify the volume
|
||
in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
||
type: string
|
||
required:
|
||
- volumeID
|
||
type: object
|
||
configMap:
|
||
description: ConfigMap represents a configMap that should
|
||
populate this volume
|
||
properties:
|
||
defaultMode:
|
||
description: 'Optional: mode bits used to set permissions
|
||
on created files by default. Must be an octal value
|
||
between 0000 and 0777 or a decimal value between 0
|
||
and 511. YAML accepts both octal and decimal values,
|
||
JSON requires decimal values for mode bits. Defaults
|
||
to 0644. Directories within the path are not affected
|
||
by this setting. This might be in conflict with other
|
||
options that affect the file mode, like fsGroup, and
|
||
the result can be other mode bits set.'
|
||
format: int32
|
||
type: integer
|
||
items:
|
||
description: If unspecified, each key-value pair in
|
||
the Data field of the referenced ConfigMap will be
|
||
projected into the volume as a file whose name is
|
||
the key and content is the value. If specified, the
|
||
listed keys will be projected into the specified paths,
|
||
and unlisted keys will not be present. If a key is
|
||
specified which is not present in the ConfigMap, the
|
||
volume setup will error unless it is marked optional.
|
||
Paths must be relative and may not contain the '..'
|
||
path or start with '..'.
|
||
items:
|
||
description: Maps a string key to a path within a
|
||
volume.
|
||
properties:
|
||
key:
|
||
description: The key to project.
|
||
type: string
|
||
mode:
|
||
description: 'Optional: mode bits used to set
|
||
permissions on this file. Must be an octal value
|
||
between 0000 and 0777 or a decimal value between
|
||
0 and 511. YAML accepts both octal and decimal
|
||
values, JSON requires decimal values for mode
|
||
bits. If not specified, the volume defaultMode
|
||
will be used. This might be in conflict with
|
||
other options that affect the file mode, like
|
||
fsGroup, and the result can be other mode bits
|
||
set.'
|
||
format: int32
|
||
type: integer
|
||
path:
|
||
description: The relative path of the file to
|
||
map the key to. May not be an absolute path.
|
||
May not contain the path element '..'. May not
|
||
start with the string '..'.
|
||
type: string
|
||
required:
|
||
- key
|
||
- path
|
||
type: object
|
||
type: array
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||
type: string
|
||
optional:
|
||
description: Specify whether the ConfigMap or its keys
|
||
must be defined
|
||
type: boolean
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
csi:
|
||
description: CSI (Container Storage Interface) represents
|
||
ephemeral storage that is handled by certain external
|
||
CSI drivers (Beta feature).
|
||
properties:
|
||
driver:
|
||
description: Driver is the name of the CSI driver that
|
||
handles this volume. Consult with your admin for the
|
||
correct name as registered in the cluster.
|
||
type: string
|
||
fsType:
|
||
description: Filesystem type to mount. Ex. "ext4", "xfs",
|
||
"ntfs". If not provided, the empty value is passed
|
||
to the associated CSI driver which will determine
|
||
the default filesystem to apply.
|
||
type: string
|
||
nodePublishSecretRef:
|
||
description: NodePublishSecretRef is a reference to
|
||
the secret object containing sensitive information
|
||
to pass to the CSI driver to complete the CSI NodePublishVolume
|
||
and NodeUnpublishVolume calls. This field is optional,
|
||
and may be empty if no secret is required. If the
|
||
secret object contains more than one secret, all secret
|
||
references are passed.
|
||
properties:
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind,
|
||
uid?'
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
readOnly:
|
||
description: Specifies a read-only configuration for
|
||
the volume. Defaults to false (read/write).
|
||
type: boolean
|
||
volumeAttributes:
|
||
additionalProperties:
|
||
type: string
|
||
description: VolumeAttributes stores driver-specific
|
||
properties that are passed to the CSI driver. Consult
|
||
your driver's documentation for supported values.
|
||
type: object
|
||
required:
|
||
- driver
|
||
type: object
|
||
downwardAPI:
|
||
description: DownwardAPI represents downward API about the
|
||
pod that should populate this volume
|
||
properties:
|
||
defaultMode:
|
||
description: 'Optional: mode bits used
|
||
to set permissions on created files by default. Must
|
||
be an octal value between 0000 and 0777 or a decimal
|
||
value between 0 and 511. YAML accepts both octal and
|
||
decimal values, JSON requires decimal values for mode
|
||
bits. Defaults to 0644. Directories within the path
|
||
are not affected by this setting. This might be in
|
||
conflict with other options that affect the file mode,
|
||
like fsGroup, and the result can be other mode bits
|
||
set.'
|
||
format: int32
|
||
type: integer
|
||
items:
|
||
description: Items is a list of downward API volume
|
||
file
|
||
items:
|
||
description: DownwardAPIVolumeFile represents information
|
||
to create the file containing the pod field
|
||
properties:
|
||
fieldRef:
|
||
description: 'Required: Selects a field of the
|
||
pod: only annotations, labels, name and namespace
|
||
are supported.'
|
||
properties:
|
||
apiVersion:
|
||
description: Version of the schema the FieldPath
|
||
is written in terms of, defaults to "v1".
|
||
type: string
|
||
fieldPath:
|
||
description: Path of the field to select in
|
||
the specified API version.
|
||
type: string
|
||
required:
|
||
- fieldPath
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
mode:
|
||
description: 'Optional: mode bits used to set
|
||
permissions on this file, must be an octal value
|
||
between 0000 and 0777 or a decimal value between
|
||
0 and 511. YAML accepts both octal and decimal
|
||
values, JSON requires decimal values for mode
|
||
bits. If not specified, the volume defaultMode
|
||
will be used. This might be in conflict with
|
||
other options that affect the file mode, like
|
||
fsGroup, and the result can be other mode bits
|
||
set.'
|
||
format: int32
|
||
type: integer
|
||
path:
|
||
description: 'Required: Path is the relative
|
||
path name of the file to be created. Must not
|
||
be absolute or contain the ''..'' path. Must
|
||
be utf-8 encoded. The first item of the relative
|
||
path must not start with ''..'''
|
||
type: string
|
||
resourceFieldRef:
|
||
description: 'Selects a resource of the container:
|
||
only resources limits and requests (limits.cpu,
|
||
limits.memory, requests.cpu and requests.memory)
|
||
are currently supported.'
|
||
properties:
|
||
containerName:
|
||
description: 'Container name: required for
|
||
volumes, optional for env vars'
|
||
type: string
|
||
divisor:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
description: Specifies the output format of
|
||
the exposed resources, defaults to "1"
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
resource:
|
||
description: 'Required: resource to select'
|
||
type: string
|
||
required:
|
||
- resource
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
required:
|
||
- path
|
||
type: object
|
||
type: array
|
||
type: object
|
||
emptyDir:
|
||
description: 'EmptyDir represents a temporary directory
|
||
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||
properties:
|
||
medium:
|
||
description: 'What type of storage medium should back
|
||
this directory. The default is "" which means to use
|
||
the node''s default medium. Must be an empty string
|
||
(default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||
type: string
|
||
sizeLimit:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
description: 'Total amount of local storage required
|
||
for this EmptyDir volume. The size limit is also applicable
|
||
for memory medium. The maximum usage on memory medium
|
||
EmptyDir would be the minimum value between the SizeLimit
|
||
specified here and the sum of memory limits of all
|
||
containers in a pod. The default is nil which means
|
||
that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
type: object
|
||
ephemeral:
|
||
description: "Ephemeral represents a volume that is handled
|
||
by a cluster storage driver. The volume's lifecycle is
|
||
tied to the pod that defines it - it will be created before
|
||
the pod starts, and deleted when the pod is removed. \n
|
||
Use this if: a) the volume is only needed while the pod
|
||
runs, b) features of normal volumes like restoring from
|
||
snapshot or capacity tracking are needed, c) the storage
|
||
driver is specified through a storage class, and d) the
|
||
storage driver supports dynamic volume provisioning through
|
||
a PersistentVolumeClaim (see EphemeralVolumeSource for
|
||
more information on the connection between this volume
|
||
type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
|
||
or one of the vendor-specific APIs for volumes that persist
|
||
for longer than the lifecycle of an individual pod. \n
|
||
Use CSI for light-weight local ephemeral volumes if the
|
||
CSI driver is meant to be used that way - see the documentation
|
||
of the driver for more information. \n A pod can use both
|
||
types of ephemeral volumes and persistent volumes at the
|
||
same time."
|
||
properties:
|
||
volumeClaimTemplate:
|
||
description: "Will be used to create a stand-alone PVC
|
||
to provision the volume. The pod in which this EphemeralVolumeSource
|
||
is embedded will be the owner of the PVC, i.e. the
|
||
PVC will be deleted together with the pod. The name
|
||
of the PVC will be `<pod name>-<volume name>` where
|
||
`<volume name>` is the name from the `PodSpec.Volumes`
|
||
array entry. Pod validation will reject the pod if
|
||
the concatenated name is not valid for a PVC (for
|
||
example, too long). \n An existing PVC with that name
|
||
that is not owned by the pod will *not* be used for
|
||
the pod to avoid using an unrelated volume by mistake.
|
||
Starting the pod is then blocked until the unrelated
|
||
PVC is removed. If such a pre-created PVC is meant
|
||
to be used by the pod, the PVC has to be updated with
|
||
an owner reference to the pod once the pod exists.
|
||
Normally this should not be necessary, but it may
|
||
be useful when manually reconstructing a broken cluster.
|
||
\n This field is read-only and no changes will be
|
||
made by Kubernetes to the PVC after it has been created.
|
||
\n Required, must not be nil."
|
||
properties:
|
||
metadata:
|
||
description: May contain labels and annotations
|
||
that will be copied into the PVC when creating
|
||
it. No other fields are allowed and will be rejected
|
||
during validation.
|
||
type: object
|
||
spec:
|
||
description: The specification for the PersistentVolumeClaim.
|
||
The entire content is copied unchanged into the
|
||
PVC that gets created from this template. The
|
||
same fields as in a PersistentVolumeClaim are
|
||
also valid here.
|
||
properties:
|
||
accessModes:
|
||
description: 'AccessModes contains the desired
|
||
access modes the volume should have. More
|
||
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
|
||
items:
|
||
type: string
|
||
type: array
|
||
dataSource:
|
||
description: 'This field can be used to specify
|
||
either: * An existing VolumeSnapshot object
|
||
(snapshot.storage.k8s.io/VolumeSnapshot) *
|
||
An existing PVC (PersistentVolumeClaim) If
|
||
the provisioner or an external controller
|
||
can support the specified data source, it
|
||
will create a new volume based on the contents
|
||
of the specified data source. If the AnyVolumeDataSource
|
||
feature gate is enabled, this field will always
|
||
have the same contents as the DataSourceRef
|
||
field.'
|
||
properties:
|
||
apiGroup:
|
||
description: APIGroup is the group for the
|
||
resource being referenced. If APIGroup
|
||
is not specified, the specified Kind must
|
||
be in the core API group. For any other
|
||
third-party types, APIGroup is required.
|
||
type: string
|
||
kind:
|
||
description: Kind is the type of resource
|
||
being referenced
|
||
type: string
|
||
name:
|
||
description: Name is the name of resource
|
||
being referenced
|
||
type: string
|
||
required:
|
||
- kind
|
||
- name
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
dataSourceRef:
|
||
description: 'Specifies the object from which
|
||
to populate the volume with data, if a non-empty
|
||
volume is desired. This may be any local object
|
||
from a non-empty API group (non core object)
|
||
or a PersistentVolumeClaim object. When this
|
||
field is specified, volume binding will only
|
||
succeed if the type of the specified object
|
||
matches some installed volume populator or
|
||
dynamic provisioner. This field will replace
|
||
the functionality of the DataSource field
|
||
and as such if both fields are non-empty,
|
||
they must have the same value. For backwards
|
||
compatibility, both fields (DataSource and
|
||
DataSourceRef) will be set to the same value
|
||
automatically if one of them is empty and
|
||
the other is non-empty. There are two important
|
||
differences between DataSource and DataSourceRef:
|
||
* While DataSource only allows two specific
|
||
types of objects, DataSourceRef allows any
|
||
non-core object, as well as PersistentVolumeClaim
|
||
objects. * While DataSource ignores disallowed
|
||
values (dropping them), DataSourceRef preserves
|
||
all values, and generates an error if a disallowed
|
||
value is specified. (Alpha) Using this field
|
||
requires the AnyVolumeDataSource feature gate
|
||
to be enabled.'
|
||
properties:
|
||
apiGroup:
|
||
description: APIGroup is the group for the
|
||
resource being referenced. If APIGroup
|
||
is not specified, the specified Kind must
|
||
be in the core API group. For any other
|
||
third-party types, APIGroup is required.
|
||
type: string
|
||
kind:
|
||
description: Kind is the type of resource
|
||
being referenced
|
||
type: string
|
||
name:
|
||
description: Name is the name of resource
|
||
being referenced
|
||
type: string
|
||
required:
|
||
- kind
|
||
- name
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
resources:
|
||
description: 'Resources represents the minimum
|
||
resources the volume should have. If RecoverVolumeExpansionFailure
|
||
feature is enabled users are allowed to specify
|
||
resource requirements that are lower than
|
||
previous value but must still be higher than
|
||
capacity recorded in the status field of the
|
||
claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||
properties:
|
||
limits:
|
||
additionalProperties:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
description: 'Limits describes the maximum
|
||
amount of compute resources allowed. More
|
||
info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||
type: object
|
||
requests:
|
||
additionalProperties:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
description: 'Requests describes the minimum
|
||
amount of compute resources required.
|
||
If Requests is omitted for a container,
|
||
it defaults to Limits if that is explicitly
|
||
specified, otherwise to an implementation-defined
|
||
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||
type: object
|
||
type: object
|
||
selector:
|
||
description: A label query over volumes to consider
|
||
for binding.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list
|
||
of label selector requirements. The requirements
|
||
are ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values,
|
||
a key, and an operator that relates
|
||
the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key
|
||
that the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a
|
||
key's relationship to a set of values.
|
||
Valid operators are In, NotIn, Exists
|
||
and DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of
|
||
string values. If the operator is
|
||
In or NotIn, the values array must
|
||
be non-empty. If the operator is
|
||
Exists or DoesNotExist, the values
|
||
array must be empty. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator
|
||
is "In", and the values array contains
|
||
only "value". The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
storageClassName:
|
||
description: 'Name of the StorageClass required
|
||
by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
|
||
type: string
|
||
volumeMode:
|
||
description: volumeMode defines what type of
|
||
volume is required by the claim. Value of
|
||
Filesystem is implied when not included in
|
||
claim spec.
|
||
type: string
|
||
volumeName:
|
||
description: VolumeName is the binding reference
|
||
to the PersistentVolume backing this claim.
|
||
type: string
|
||
type: object
|
||
required:
|
||
- spec
|
||
type: object
|
||
type: object
|
||
fc:
|
||
description: FC represents a Fibre Channel resource that
|
||
is attached to a kubelet's host machine and then exposed
|
||
to the pod.
|
||
properties:
|
||
fsType:
|
||
description: 'Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Ex. "ext4",
|
||
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
||
unspecified. TODO: how do we prevent errors in the
|
||
filesystem from compromising the machine'
|
||
type: string
|
||
lun:
|
||
description: 'Optional: FC target lun number'
|
||
format: int32
|
||
type: integer
|
||
readOnly:
|
||
description: 'Optional: Defaults to false (read/write).
|
||
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
|
||
type: boolean
|
||
targetWWNs:
|
||
description: 'Optional: FC target worldwide names (WWNs)'
|
||
items:
|
||
type: string
|
||
type: array
|
||
wwids:
|
||
description: 'Optional: FC volume world wide identifiers
|
||
(wwids). Either wwids or a combination of targetWWNs
|
||
and lun must be set, but not both simultaneously.'
|
||
items:
|
||
type: string
|
||
type: array
|
||
type: object
|
||
flexVolume:
|
||
description: FlexVolume represents a generic volume resource
|
||
that is provisioned/attached using an exec based plugin.
|
||
properties:
|
||
driver:
|
||
description: Driver is the name of the driver to use
|
||
for this volume.
|
||
type: string
|
||
fsType:
|
||
description: Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Ex. "ext4",
|
||
"xfs", "ntfs". The default filesystem depends on FlexVolume
|
||
script.
|
||
type: string
|
||
options:
|
||
additionalProperties:
|
||
type: string
|
||
description: 'Optional: Extra command options if any.'
|
||
type: object
|
||
readOnly:
|
||
description: 'Optional: Defaults to false (read/write).
|
||
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
|
||
type: boolean
|
||
secretRef:
|
||
description: 'Optional: SecretRef is reference to the
|
||
secret object containing sensitive information to
|
||
pass to the plugin scripts. This may be empty if no
|
||
secret object is specified. If the secret object contains
|
||
more than one secret, all secrets are passed to the
|
||
plugin scripts.'
|
||
properties:
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind,
|
||
uid?'
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
required:
|
||
- driver
|
||
type: object
|
||
flocker:
|
||
description: Flocker represents a Flocker volume attached
|
||
to a kubelet's host machine. This depends on the Flocker
|
||
control service running
|
||
properties:
|
||
datasetName:
|
||
description: Name of the dataset stored as metadata
|
||
-> name on the dataset for Flocker should be considered
|
||
as deprecated
|
||
type: string
|
||
datasetUUID:
|
||
description: UUID of the dataset. This is the unique identifier
|
||
of a Flocker dataset
|
||
type: string
|
||
type: object
|
||
gcePersistentDisk:
|
||
description: 'GCEPersistentDisk represents a GCE Disk resource
|
||
that is attached to a kubelet''s host machine and then
|
||
exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
||
properties:
|
||
fsType:
|
||
description: 'Filesystem type of the volume that you
|
||
want to mount. Tip: Ensure that the filesystem type
|
||
is supported by the host operating system. Examples:
|
||
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
||
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
|
||
TODO: how do we prevent errors in the filesystem from
|
||
compromising the machine'
|
||
type: string
|
||
partition:
|
||
description: 'The partition in the volume that you want
|
||
to mount. If omitted, the default is to mount by volume
|
||
name. Examples: For volume /dev/sda1, you specify
|
||
the partition as "1". Similarly, the volume partition
|
||
for /dev/sda is "0" (or you can leave the property
|
||
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
||
format: int32
|
||
type: integer
|
||
pdName:
|
||
description: 'Unique name of the PD resource in GCE.
|
||
Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
||
type: string
|
||
readOnly:
|
||
description: 'ReadOnly here will force the ReadOnly
|
||
setting in VolumeMounts. Defaults to false. More info:
|
||
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
||
type: boolean
|
||
required:
|
||
- pdName
|
||
type: object
|
||
gitRepo:
|
||
description: 'GitRepo represents a git repository at a particular
|
||
revision. DEPRECATED: GitRepo is deprecated. To provision
|
||
a container with a git repo, mount an EmptyDir into an
|
||
InitContainer that clones the repo using git, then mount
|
||
the EmptyDir into the Pod''s container.'
|
||
properties:
|
||
directory:
|
||
description: Target directory name. Must not contain
|
||
or start with '..'. If '.' is supplied, the volume
|
||
directory will be the git repository. Otherwise,
|
||
if specified, the volume will contain the git repository
|
||
in the subdirectory with the given name.
|
||
type: string
|
||
repository:
|
||
description: Repository URL
|
||
type: string
|
||
revision:
|
||
description: Commit hash for the specified revision.
|
||
type: string
|
||
required:
|
||
- repository
|
||
type: object
|
||
glusterfs:
|
||
description: 'Glusterfs represents a Glusterfs mount on
|
||
the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
|
||
properties:
|
||
endpoints:
|
||
description: 'EndpointsName is the endpoint name that
|
||
details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
||
type: string
|
||
path:
|
||
description: 'Path is the Glusterfs volume path. More
|
||
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
||
type: string
|
||
readOnly:
|
||
description: 'ReadOnly here will force the Glusterfs
|
||
volume to be mounted with read-only permissions. Defaults
|
||
to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
||
type: boolean
|
||
required:
|
||
- endpoints
|
||
- path
|
||
type: object
|
||
hostPath:
|
||
description: 'HostPath represents a pre-existing file or
|
||
directory on the host machine that is directly exposed
|
||
to the container. This is generally used for system agents
|
||
or other privileged things that are allowed to see the
|
||
host machine. Most containers will NOT need this. More
|
||
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
|
||
--- TODO(jonesdl) We need to restrict who can use host
|
||
directory mounts and who can/can not mount host directories
|
||
as read/write.'
|
||
properties:
|
||
path:
|
||
description: 'Path of the directory on the host. If
|
||
the path is a symlink, it will follow the link to
|
||
the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
||
type: string
|
||
type:
|
||
description: 'Type for HostPath Volume. Defaults to "".
|
||
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
||
type: string
|
||
required:
|
||
- path
|
||
type: object
|
||
iscsi:
|
||
description: 'ISCSI represents an ISCSI Disk resource that
|
||
is attached to a kubelet''s host machine and then exposed
|
||
to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
|
||
properties:
|
||
chapAuthDiscovery:
|
||
description: Whether iSCSI Discovery CHAP authentication is supported
|
||
type: boolean
|
||
chapAuthSession:
|
||
description: Whether iSCSI Session CHAP authentication is supported
|
||
type: boolean
|
||
fsType:
|
||
description: 'Filesystem type of the volume that you
|
||
want to mount. Tip: Ensure that the filesystem type
|
||
is supported by the host operating system. Examples:
|
||
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
||
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
|
||
TODO: how do we prevent errors in the filesystem from
|
||
compromising the machine'
|
||
type: string
|
||
initiatorName:
|
||
description: Custom iSCSI Initiator Name. If initiatorName
|
||
is specified with iscsiInterface simultaneously, new
|
||
iSCSI interface <target portal>:<volume name> will
|
||
be created for the connection.
|
||
type: string
|
||
iqn:
|
||
description: Target iSCSI Qualified Name.
|
||
type: string
|
||
iscsiInterface:
|
||
description: iSCSI Interface Name that uses an iSCSI
|
||
transport. Defaults to 'default' (tcp).
|
||
type: string
|
||
lun:
|
||
description: iSCSI Target Lun number.
|
||
format: int32
|
||
type: integer
|
||
portals:
|
||
description: iSCSI Target Portal List. The portal is
|
||
either an IP or ip_addr:port if the port is other
|
||
than default (typically TCP ports 860 and 3260).
|
||
items:
|
||
type: string
|
||
type: array
|
||
readOnly:
|
||
description: ReadOnly here will force the ReadOnly setting
|
||
in VolumeMounts. Defaults to false.
|
||
type: boolean
|
||
secretRef:
|
||
description: CHAP Secret for iSCSI target and initiator
|
||
authentication
|
||
properties:
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind,
|
||
uid?'
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
targetPortal:
|
||
description: iSCSI Target Portal. The Portal is either
|
||
an IP or ip_addr:port if the port is other than default
|
||
(typically TCP ports 860 and 3260).
|
||
type: string
|
||
required:
|
||
- iqn
|
||
- lun
|
||
- targetPortal
|
||
type: object
|
||
name:
|
||
description: 'Volume''s name. Must be a DNS_LABEL and unique
|
||
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||
type: string
|
||
nfs:
|
||
description: 'NFS represents an NFS mount on the host that
|
||
shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
||
properties:
|
||
path:
|
||
description: 'Path that is exported by the NFS server.
|
||
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
||
type: string
|
||
readOnly:
|
||
description: 'ReadOnly here will force the NFS export
|
||
to be mounted with read-only permissions. Defaults
|
||
to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
||
type: boolean
|
||
server:
|
||
description: 'Server is the hostname or IP address of
|
||
the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
||
type: string
|
||
required:
|
||
- path
|
||
- server
|
||
type: object
|
||
persistentVolumeClaim:
|
||
description: 'PersistentVolumeClaimVolumeSource represents
|
||
a reference to a PersistentVolumeClaim in the same namespace.
|
||
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
||
properties:
|
||
claimName:
|
||
description: 'ClaimName is the name of a PersistentVolumeClaim
|
||
in the same namespace as the pod using this volume.
|
||
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
||
type: string
|
||
readOnly:
|
||
description: Will force the ReadOnly setting in VolumeMounts.
|
||
Default false.
|
||
type: boolean
|
||
required:
|
||
- claimName
|
||
type: object
|
||
photonPersistentDisk:
|
||
description: PhotonPersistentDisk represents a PhotonController
|
||
persistent disk attached and mounted on kubelet's host
|
||
machine
|
||
properties:
|
||
fsType:
|
||
description: Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Ex. "ext4",
|
||
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
||
unspecified.
|
||
type: string
|
||
pdID:
|
||
description: ID that identifies Photon Controller persistent
|
||
disk
|
||
type: string
|
||
required:
|
||
- pdID
|
||
type: object
|
||
portworxVolume:
|
||
description: PortworxVolume represents a portworx volume
|
||
attached and mounted on kubelets host machine
|
||
properties:
|
||
fsType:
|
||
description: FSType represents the filesystem type to
|
||
mount. Must be a filesystem type supported by the host
|
||
operating system. Ex. "ext4", "xfs". Implicitly inferred
|
||
to be "ext4" if unspecified.
|
||
type: string
|
||
readOnly:
|
||
description: Defaults to false (read/write). ReadOnly
|
||
here will force the ReadOnly setting in VolumeMounts.
|
||
type: boolean
|
||
volumeID:
|
||
description: VolumeID uniquely identifies a Portworx
|
||
volume
|
||
type: string
|
||
required:
|
||
- volumeID
|
||
type: object
|
||
projected:
|
||
description: Items for all in one resources secrets, configmaps,
|
||
and downward API
|
||
properties:
|
||
defaultMode:
|
||
description: Mode bits used to set permissions on created
|
||
files by default. Must be an octal value between 0000
|
||
and 0777 or a decimal value between 0 and 511. YAML
|
||
accepts both octal and decimal values, JSON requires
|
||
decimal values for mode bits. Directories within the
|
||
path are not affected by this setting. This might
|
||
be in conflict with other options that affect the
|
||
file mode, like fsGroup, and the result can be other
|
||
mode bits set.
|
||
format: int32
|
||
type: integer
|
||
sources:
|
||
description: list of volume projections
|
||
items:
|
||
description: Projection that may be projected along
|
||
with other supported volume types
|
||
properties:
|
||
configMap:
|
||
description: information about the configMap data
|
||
to project
|
||
properties:
|
||
items:
|
||
description: If unspecified, each key-value
|
||
pair in the Data field of the referenced
|
||
ConfigMap will be projected into the volume
|
||
as a file whose name is the key and content
|
||
is the value. If specified, the listed keys
|
||
will be projected into the specified paths,
|
||
and unlisted keys will not be present. If
|
||
a key is specified which is not present
|
||
in the ConfigMap, the volume setup will
|
||
error unless it is marked optional. Paths
|
||
must be relative and may not contain the
|
||
'..' path or start with '..'.
|
||
items:
|
||
description: Maps a string key to a path
|
||
within a volume.
|
||
properties:
|
||
key:
|
||
description: The key to project.
|
||
type: string
|
||
mode:
|
||
description: 'Optional: mode bits used
|
||
to set permissions on this file. Must
|
||
be an octal value between 0000 and
|
||
0777 or a decimal value between 0
|
||
and 511. YAML accepts both octal and
|
||
decimal values, JSON requires decimal
|
||
values for mode bits. If not specified,
|
||
the volume defaultMode will be used.
|
||
This might be in conflict with other
|
||
options that affect the file mode,
|
||
like fsGroup, and the result can be
|
||
other mode bits set.'
|
||
format: int32
|
||
type: integer
|
||
path:
|
||
description: The relative path of the
|
||
file to map the key to. May not be
|
||
an absolute path. May not contain
|
||
the path element '..'. May not start
|
||
with the string '..'.
|
||
type: string
|
||
required:
|
||
- key
|
||
- path
|
||
type: object
|
||
type: array
|
||
name:
|
||
description: 'Name of the referent. More info:
|
||
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion,
|
||
kind, uid?'
|
||
type: string
|
||
optional:
|
||
description: Specify whether the ConfigMap
|
||
or its keys must be defined
|
||
type: boolean
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
downwardAPI:
|
||
description: information about the downwardAPI
|
||
data to project
|
||
properties:
|
||
items:
|
||
description: Items is a list of DownwardAPIVolume
|
||
file
|
||
items:
|
||
description: DownwardAPIVolumeFile represents
|
||
information to create the file containing
|
||
the pod field
|
||
properties:
|
||
fieldRef:
|
||
description: 'Required: Selects a field
|
||
of the pod: only annotations, labels,
|
||
name and namespace are supported.'
|
||
properties:
|
||
apiVersion:
|
||
description: Version of the schema
|
||
the FieldPath is written in terms
|
||
of, defaults to "v1".
|
||
type: string
|
||
fieldPath:
|
||
description: Path of the field to
|
||
select in the specified API version.
|
||
type: string
|
||
required:
|
||
- fieldPath
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
mode:
|
||
description: 'Optional: mode bits used
|
||
to set permissions on this file, must
|
||
be an octal value between 0000 and
|
||
0777 or a decimal value between 0
|
||
and 511. YAML accepts both octal and
|
||
decimal values, JSON requires decimal
|
||
values for mode bits. If not specified,
|
||
the volume defaultMode will be used.
|
||
This might be in conflict with other
|
||
options that affect the file mode,
|
||
like fsGroup, and the result can be
|
||
other mode bits set.'
|
||
format: int32
|
||
type: integer
|
||
path:
|
||
description: 'Required: Path is the
|
||
relative path name of the file to
|
||
be created. Must not be absolute or
|
||
contain the ''..'' path. Must be utf-8
|
||
encoded. The first item of the relative
|
||
path must not start with ''..'''
|
||
type: string
|
||
resourceFieldRef:
|
||
description: 'Selects a resource of
|
||
the container: only resources limits
|
||
and requests (limits.cpu, limits.memory,
|
||
requests.cpu and requests.memory)
|
||
are currently supported.'
|
||
properties:
|
||
containerName:
|
||
description: 'Container name: required
|
||
for volumes, optional for env
|
||
vars'
|
||
type: string
|
||
divisor:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
description: Specifies the output
|
||
format of the exposed resources,
|
||
defaults to "1"
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
resource:
|
||
description: 'Required: resource
|
||
to select'
|
||
type: string
|
||
required:
|
||
- resource
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
required:
|
||
- path
|
||
type: object
|
||
type: array
|
||
type: object
|
||
secret:
|
||
description: information about the secret data
|
||
to project
|
||
properties:
|
||
items:
|
||
description: If unspecified, each key-value
|
||
pair in the Data field of the referenced
|
||
Secret will be projected into the volume
|
||
as a file whose name is the key and content
|
||
is the value. If specified, the listed keys
|
||
will be projected into the specified paths,
|
||
and unlisted keys will not be present. If
|
||
a key is specified which is not present
|
||
in the Secret, the volume setup will error
|
||
unless it is marked optional. Paths must
|
||
be relative and may not contain the '..'
|
||
path or start with '..'.
|
||
items:
|
||
description: Maps a string key to a path
|
||
within a volume.
|
||
properties:
|
||
key:
|
||
description: The key to project.
|
||
type: string
|
||
mode:
|
||
description: 'Optional: mode bits used
|
||
to set permissions on this file. Must
|
||
be an octal value between 0000 and
|
||
0777 or a decimal value between 0
|
||
and 511. YAML accepts both octal and
|
||
decimal values, JSON requires decimal
|
||
values for mode bits. If not specified,
|
||
the volume defaultMode will be used.
|
||
This might be in conflict with other
|
||
options that affect the file mode,
|
||
like fsGroup, and the result can be
|
||
other mode bits set.'
|
||
format: int32
|
||
type: integer
|
||
path:
|
||
description: The relative path of the
|
||
file to map the key to. May not be
|
||
an absolute path. May not contain
|
||
the path element '..'. May not start
|
||
with the string '..'.
|
||
type: string
|
||
required:
|
||
- key
|
||
- path
|
||
type: object
|
||
type: array
|
||
name:
|
||
description: 'Name of the referent. More info:
|
||
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion,
|
||
kind, uid?'
|
||
type: string
|
||
optional:
|
||
description: Specify whether the Secret or
|
||
its key must be defined
|
||
type: boolean
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
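# Projected service account token source. Only `path` is required.
# Nesting is restored here (the listing had lost its indentation and carried
# table-gutter residue between lines).
serviceAccountToken:
  description: information about the serviceAccountToken
    data to project
  properties:
    # Per the description the audience defaults to the identifier of the
    # apiserver. A token that is handed to some other service should name
    # that service as its audience so the recipient can reject tokens that
    # were not minted for it.
    audience:
      description: Audience is the intended audience
        of the token. A recipient of a token must
        identify itself with an identifier specified
        in the audience of the token, and otherwise
        should reject the token. The audience defaults
        to the identifier of the apiserver.
      type: string
    # The description states a 1 hour default and a 10 minute floor, but this
    # schema carries no `minimum` for the field.
    # NOTE(review): the floor is presumably enforced when the pod itself is
    # validated rather than by this CRD - confirm.
    expirationSeconds:
      description: ExpirationSeconds is the requested
        duration of validity of the service account
        token. As the token approaches expiration,
        the kubelet volume plugin will proactively
        rotate the service account token. The kubelet
        will start trying to rotate the token if
        the token is older than 80 percent of its
        time to live or if the token is older than
        24 hours. Defaults to 1 hour and must be
        at least 10 minutes.
      format: int64
      type: integer
    path:
      description: Path is the path relative to
        the mount point of the file to project the
        token into.
      type: string
  required:
  - path
  type: object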
|
||
type: object
|
||
type: array
|
||
type: object
|
||
quobyte:
|
||
description: Quobyte represents a Quobyte mount on the host
|
||
that shares a pod's lifetime
|
||
properties:
|
||
group:
|
||
description: Group to map volume access to. Default is
|
||
no group
|
||
type: string
|
||
readOnly:
|
||
description: ReadOnly here will force the Quobyte volume
|
||
to be mounted with read-only permissions. Defaults
|
||
to false.
|
||
type: boolean
|
||
registry:
|
||
description: Registry represents a single or multiple
|
||
Quobyte Registry services specified as a string as
|
||
host:port pair (multiple entries are separated with
|
||
commas) which acts as the central registry for volumes
|
||
type: string
|
||
tenant:
|
||
description: Tenant owning the given Quobyte volume
|
||
in the Backend. Used with dynamically provisioned Quobyte
|
||
volumes, value is set by the plugin
|
||
type: string
|
||
user:
|
||
description: User to map volume access to. Defaults to
|
||
serviceaccount user
|
||
type: string
|
||
volume:
|
||
description: Volume is a string that references an already
|
||
created Quobyte volume by name.
|
||
type: string
|
||
required:
|
||
- registry
|
||
- volume
|
||
type: object
|
||
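# Rados Block Device volume source. `image` and `monitors` are required.
# Nesting is restored here (the listing had lost its indentation and carried
# table-gutter residue between lines).
rbd:
  description: 'RBD represents a Rados Block Device mount
    on the host that shares a pod''s lifetime. More info:
    https://examples.k8s.io/volumes/rbd/README.md'
  properties:
    fsType:
      description: 'Filesystem type of the volume that you
        want to mount. Tip: Ensure that the filesystem type
        is supported by the host operating system. Examples:
        "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
        if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
        TODO: how do we prevent errors in the filesystem from
        compromising the machine'
      type: string
    image:
      description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      type: string
    # File-based credential for the RBD user; the default path is
    # /etc/ceph/keyring. secretRef, when provided, overrides it (see the
    # secretRef description below).
    # NOTE(review): the path is presumably resolved on the node - confirm.
    # Prefer secretRef so the key is managed as a Secret object.
    keyring:
      description: 'Keyring is the path to key ring for RBDUser.
        Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      type: string
    monitors:
      description: 'A collection of Ceph monitors. More info:
        https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      items:
        type: string
      type: array
    pool:
      description: 'The rados pool name. Default is rbd. More
        info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      type: string
    # Defaults to false, i.e. read-write unless set explicitly.
    readOnly:
      description: 'ReadOnly here will force the ReadOnly
        setting in VolumeMounts. Defaults to false. More info:
        https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      type: boolean
    secretRef:
      description: 'SecretRef is name of the authentication
        secret for RBDUser. If provided overrides keyring.
        Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      properties:
        name:
          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
            TODO: Add other useful fields. apiVersion, kind,
            uid?'
          type: string
      type: object
      x-kubernetes-map-type: atomic
    # The default user is `admin` per the description.
    # NOTE(review): in Ceph that name is conventionally the cluster
    # administrator identity; set a dedicated user with narrow capabilities
    # instead of relying on the default - confirm against the Ceph deployment.
    user:
      description: 'The rados user name. Default is admin.
        More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
      type: string
  required:
  - image
  - monitors
  type: object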
|
||
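# ScaleIO volume source. `gateway`, `secretRef` and `system` are required.
# Nesting is restored here (the listing had lost its indentation and carried
# table-gutter residue between lines).
scaleIO:
  description: ScaleIO represents a ScaleIO persistent volume
    attached and mounted on Kubernetes nodes.
  properties:
    fsType:
      description: Filesystem type to mount. Must be a filesystem
        type supported by the host operating system. Ex. "ext4",
        "xfs", "ntfs". Default is "xfs".
      type: string
    gateway:
      description: The host address of the ScaleIO API Gateway.
      type: string
    protectionDomain:
      description: The name of the ScaleIO Protection Domain
        for the configured storage.
      type: string
    # Defaults to false (read/write) per the description.
    readOnly:
      description: Defaults to false (read/write). ReadOnly
        here will force the ReadOnly setting in VolumeMounts.
      type: boolean
    # Required: the description says the login operation fails without it.
    secretRef:
      description: SecretRef references to the secret for
        ScaleIO user and other sensitive information. If this
        is not provided, Login operation will fail.
      properties:
        name:
          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
            TODO: Add other useful fields. apiVersion, kind,
            uid?'
          type: string
      type: object
      x-kubernetes-map-type: atomic
    # Defaults to false: unless a resource sets sslEnabled: true, communication
    # with the gateway is not SSL-protected.
    # NOTE(review): the login that uses the secretRef credentials presumably
    # travels over this same connection - confirm, and set true explicitly.
    sslEnabled:
      description: Flag to enable/disable SSL communication
        with Gateway, default false
      type: boolean
    storageMode:
      description: Indicates whether the storage for a volume
        should be ThickProvisioned or ThinProvisioned. Default
        is ThinProvisioned.
      type: string
    storagePool:
      description: The ScaleIO Storage Pool associated with
        the protection domain.
      type: string
    system:
      description: The name of the storage system as configured
        in ScaleIO.
      type: string
    volumeName:
      description: The name of a volume already created in
        the ScaleIO system that is associated with this volume
        source.
      type: string
  required:
  - gateway
  - secretRef
  - system
  type: object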
|
||
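# Secret volume source: populates the volume from a Secret in the pod's
# namespace (see secretName). No field is listed as required.
# Nesting is restored here (the listing had lost its indentation and carried
# table-gutter residue between lines).
secret:
  description: 'Secret represents a secret that should populate
    this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
  properties:
    # Defaults to 0644 per the description, which leaves every projected
    # secret file readable by any user inside the container. Set a tighter
    # mode such as 0400 where a single user consumes the files. The field is
    # an int32: octal is accepted in YAML, while JSON needs the decimal form
    # (0644 is 420, 0400 is 256). fsGroup and similar options can still
    # change the resulting bits, as the description notes.
    defaultMode:
      description: 'Optional: mode bits used to set permissions
        on created files by default. Must be an octal value
        between 0000 and 0777 or a decimal value between 0
        and 511. YAML accepts both octal and decimal values,
        JSON requires decimal values for mode bits. Defaults
        to 0644. Directories within the path are not affected
        by this setting. This might be in conflict with other
        options that affect the file mode, like fsGroup, and
        the result can be other mode bits set.'
      format: int32
      type: integer
    # Listing keys here restricts the volume to those keys; when the list is
    # omitted every key of the Secret is projected as a file.
    items:
      description: If unspecified, each key-value pair in
        the Data field of the referenced Secret will be projected
        into the volume as a file whose name is the key and
        content is the value. If specified, the listed keys
        will be projected into the specified paths, and unlisted
        keys will not be present. If a key is specified which
        is not present in the Secret, the volume setup will
        error unless it is marked optional. Paths must be
        relative and may not contain the '..' path or start
        with '..'.
      items:
        description: Maps a string key to a path within a
          volume.
        properties:
          key:
            description: The key to project.
            type: string
          mode:
            description: 'Optional: mode bits used to set
              permissions on this file. Must be an octal value
              between 0000 and 0777 or a decimal value between
              0 and 511. YAML accepts both octal and decimal
              values, JSON requires decimal values for mode
              bits. If not specified, the volume defaultMode
              will be used. This might be in conflict with
              other options that affect the file mode, like
              fsGroup, and the result can be other mode bits
              set.'
            format: int32
            type: integer
          # The relative-path and no-'..' rules appear only in the
          # description; this schema has no `pattern` for them.
          # NOTE(review): presumably enforced when the pod is validated -
          # confirm.
          path:
            description: The relative path of the file to
              map the key to. May not be an absolute path.
              May not contain the path element '..'. May not
              start with the string '..'.
            type: string
        required:
        - key
        - path
        type: object
      type: array
    optional:
      description: Specify whether the Secret or its keys
        must be defined
      type: boolean
    secretName:
      description: 'Name of the secret in the pod''s namespace
        to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
      type: string
  type: object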
|
||
storageos:
|
||
description: StorageOS represents a StorageOS volume attached
|
||
and mounted on Kubernetes nodes.
|
||
properties:
|
||
fsType:
|
||
description: Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Ex. "ext4",
|
||
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
||
unspecified.
|
||
type: string
|
||
readOnly:
|
||
description: Defaults to false (read/write). ReadOnly
|
||
here will force the ReadOnly setting in VolumeMounts.
|
||
type: boolean
|
||
secretRef:
|
||
description: SecretRef specifies the secret to use for
|
||
obtaining the StorageOS API credentials. If not specified,
|
||
default values will be attempted.
|
||
properties:
|
||
name:
|
||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||
TODO: Add other useful fields. apiVersion, kind,
|
||
uid?'
|
||
type: string
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
volumeName:
|
||
description: VolumeName is the human-readable name of
|
||
the StorageOS volume. Volume names are only unique
|
||
within a namespace.
|
||
type: string
|
||
volumeNamespace:
|
||
description: VolumeNamespace specifies the scope of
|
||
the volume within StorageOS. If no namespace is specified
|
||
then the Pod's namespace will be used. This allows
|
||
the Kubernetes name scoping to be mirrored within
|
||
StorageOS for tighter integration. Set VolumeName
|
||
to any name to override the default behaviour. Set
|
||
to "default" if you are not using namespaces within
|
||
StorageOS. Namespaces that do not pre-exist within
|
||
StorageOS will be created.
|
||
type: string
|
||
type: object
|
||
vsphereVolume:
|
||
description: VsphereVolume represents a vSphere volume attached
|
||
and mounted on kubelets host machine
|
||
properties:
|
||
fsType:
|
||
description: Filesystem type to mount. Must be a filesystem
|
||
type supported by the host operating system. Ex. "ext4",
|
||
"xfs", "ntfs". Implicitly inferred to be "ext4" if
|
||
unspecified.
|
||
type: string
|
||
storagePolicyID:
|
||
description: Storage Policy Based Management (SPBM)
|
||
profile ID associated with the StoragePolicyName.
|
||
type: string
|
||
storagePolicyName:
|
||
description: Storage Policy Based Management (SPBM)
|
||
profile name.
|
||
type: string
|
||
volumePath:
|
||
description: Path that identifies vSphere volume vmdk
|
||
type: string
|
||
required:
|
||
- volumePath
|
||
type: object
|
||
required:
|
||
- name
|
||
type: object
|
||
type: array
|
||
required:
|
||
- volumeMounts
|
||
- volumes
|
||
type: object
|
||
name:
|
||
description: name is the Control Center cluster name.
|
||
type: string
|
||
oneReplicaPerNode:
|
||
description: oneReplicaPerNode controls whether to run 1 pod per node
|
||
using the pod anti-affinity capability. Enabling this configuration
|
||
in an existing cluster will roll the cluster.
|
||
type: boolean
|
||
podTemplate:
|
||
description: podTemplate specifies the statefulset pod template configuration.
|
||
properties:
|
||
affinity:
|
||
description: 'affinity specifies a group of affinity scheduling
|
||
rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.'
|
||
properties:
|
||
nodeAffinity:
|
||
description: Describes node affinity scheduling rules for
|
||
the pod.
|
||
properties:
|
||
preferredDuringSchedulingIgnoredDuringExecution:
|
||
description: The scheduler will prefer to schedule pods
|
||
to nodes that satisfy the affinity expressions specified
|
||
by this field, but it may choose a node that violates
|
||
one or more of the expressions. The node that is most
|
||
preferred is the one with the greatest sum of weights,
|
||
i.e. for each node that meets all of the scheduling
|
||
requirements (resource request, requiredDuringScheduling
|
||
affinity expressions, etc.), compute a sum by iterating
|
||
through the elements of this field and adding "weight"
|
||
to the sum if the node matches the corresponding matchExpressions;
|
||
the node(s) with the highest sum are the most preferred.
|
||
items:
|
||
description: An empty preferred scheduling term matches
|
||
all objects with implicit weight 0 (i.e. it's a no-op).
|
||
A null preferred scheduling term matches no objects
|
||
(i.e. is also a no-op).
|
||
properties:
|
||
preference:
|
||
description: A node selector term, associated with
|
||
the corresponding weight.
|
||
properties:
|
||
matchExpressions:
|
||
description: A list of node selector requirements
|
||
by node's labels.
|
||
items:
|
||
description: A node selector requirement is
|
||
a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: The label key that the selector
|
||
applies to.
|
||
type: string
|
||
operator:
|
||
description: Represents a key's relationship
|
||
to a set of values. Valid operators
|
||
are In, NotIn, Exists, DoesNotExist,
|
||
Gt, and Lt.
|
||
type: string
|
||
values:
|
||
description: An array of string values.
|
||
If the operator is In or NotIn, the
|
||
values array must be non-empty. If the
|
||
operator is Exists or DoesNotExist,
|
||
the values array must be empty. If the
|
||
operator is Gt or Lt, the values array
|
||
must have a single element, which will
|
||
be interpreted as an integer. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchFields:
|
||
description: A list of node selector requirements
|
||
by node's fields.
|
||
items:
|
||
description: A node selector requirement is
|
||
a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: The label key that the selector
|
||
applies to.
|
||
type: string
|
||
operator:
|
||
description: Represents a key's relationship
|
||
to a set of values. Valid operators
|
||
are In, NotIn, Exists, DoesNotExist,
|
||
Gt, and Lt.
|
||
type: string
|
||
values:
|
||
description: An array of string values.
|
||
If the operator is In or NotIn, the
|
||
values array must be non-empty. If the
|
||
operator is Exists or DoesNotExist,
|
||
the values array must be empty. If the
|
||
operator is Gt or Lt, the values array
|
||
must have a single element, which will
|
||
be interpreted as an integer. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
weight:
|
||
description: Weight associated with matching the
|
||
corresponding nodeSelectorTerm, in the range 1-100.
|
||
format: int32
|
||
type: integer
|
||
required:
|
||
- preference
|
||
- weight
|
||
type: object
|
||
type: array
|
||
requiredDuringSchedulingIgnoredDuringExecution:
|
||
description: If the affinity requirements specified by
|
||
this field are not met at scheduling time, the pod will
|
||
not be scheduled onto the node. If the affinity requirements
|
||
specified by this field cease to be met at some point
|
||
during pod execution (e.g. due to an update), the system
|
||
may or may not try to eventually evict the pod from
|
||
its node.
|
||
properties:
|
||
nodeSelectorTerms:
|
||
description: Required. A list of node selector terms.
|
||
The terms are ORed.
|
||
items:
|
||
description: A null or empty node selector term
|
||
matches no objects. The requirements of them are
|
||
ANDed. The TopologySelectorTerm type implements
|
||
a subset of the NodeSelectorTerm.
|
||
properties:
|
||
matchExpressions:
|
||
description: A list of node selector requirements
|
||
by node's labels.
|
||
items:
|
||
description: A node selector requirement is
|
||
a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: The label key that the selector
|
||
applies to.
|
||
type: string
|
||
operator:
|
||
description: Represents a key's relationship
|
||
to a set of values. Valid operators
|
||
are In, NotIn, Exists, DoesNotExist,
|
||
Gt, and Lt.
|
||
type: string
|
||
values:
|
||
description: An array of string values.
|
||
If the operator is In or NotIn, the
|
||
values array must be non-empty. If the
|
||
operator is Exists or DoesNotExist,
|
||
the values array must be empty. If the
|
||
operator is Gt or Lt, the values array
|
||
must have a single element, which will
|
||
be interpreted as an integer. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchFields:
|
||
description: A list of node selector requirements
|
||
by node's fields.
|
||
items:
|
||
description: A node selector requirement is
|
||
a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: The label key that the selector
|
||
applies to.
|
||
type: string
|
||
operator:
|
||
description: Represents a key's relationship
|
||
to a set of values. Valid operators
|
||
are In, NotIn, Exists, DoesNotExist,
|
||
Gt, and Lt.
|
||
type: string
|
||
values:
|
||
description: An array of string values.
|
||
If the operator is In or NotIn, the
|
||
values array must be non-empty. If the
|
||
operator is Exists or DoesNotExist,
|
||
the values array must be empty. If the
|
||
operator is Gt or Lt, the values array
|
||
must have a single element, which will
|
||
be interpreted as an integer. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
type: array
|
||
required:
|
||
- nodeSelectorTerms
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
type: object
|
||
podAffinity:
|
||
description: Describes pod affinity scheduling rules (e.g.
|
||
co-locate this pod in the same node, zone, etc. as some
|
||
other pod(s)).
|
||
properties:
|
||
preferredDuringSchedulingIgnoredDuringExecution:
|
||
description: The scheduler will prefer to schedule pods
|
||
to nodes that satisfy the affinity expressions specified
|
||
by this field, but it may choose a node that violates
|
||
one or more of the expressions. The node that is most
|
||
preferred is the one with the greatest sum of weights,
|
||
i.e. for each node that meets all of the scheduling
|
||
requirements (resource request, requiredDuringScheduling
|
||
affinity expressions, etc.), compute a sum by iterating
|
||
through the elements of this field and adding "weight"
|
||
to the sum if the node has pods which matches the corresponding
|
||
podAffinityTerm; the node(s) with the highest sum are
|
||
the most preferred.
|
||
items:
|
||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||
fields are added per-node to find the most preferred
|
||
node(s)
|
||
properties:
|
||
podAffinityTerm:
|
||
description: Required. A pod affinity term, associated
|
||
with the corresponding weight.
|
||
properties:
|
||
labelSelector:
|
||
description: A label query over a set of resources,
|
||
in this case pods.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list
|
||
of label selector requirements. The requirements
|
||
are ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values,
|
||
a key, and an operator that relates
|
||
the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key
|
||
that the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a
|
||
key's relationship to a set of values.
|
||
Valid operators are In, NotIn, Exists
|
||
and DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of
|
||
string values. If the operator is
|
||
In or NotIn, the values array must
|
||
be non-empty. If the operator is
|
||
Exists or DoesNotExist, the values
|
||
array must be empty. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator
|
||
is "In", and the values array contains
|
||
only "value". The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaceSelector:
|
||
description: A label query over the set of namespaces
|
||
that the term applies to. The term is applied
|
||
to the union of the namespaces selected by
|
||
this field and the ones listed in the namespaces
|
||
field. null selector and null or empty namespaces
|
||
list means "this pod's namespace". An empty
|
||
selector ({}) matches all namespaces. This
|
||
field is beta-level and is only honored when
|
||
PodAffinityNamespaceSelector feature is enabled.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list
|
||
of label selector requirements. The requirements
|
||
are ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values,
|
||
a key, and an operator that relates
|
||
the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key
|
||
that the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a
|
||
key's relationship to a set of values.
|
||
Valid operators are In, NotIn, Exists
|
||
and DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of
|
||
string values. If the operator is
|
||
In or NotIn, the values array must
|
||
be non-empty. If the operator is
|
||
Exists or DoesNotExist, the values
|
||
array must be empty. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator
|
||
is "In", and the values array contains
|
||
only "value". The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaces:
|
||
description: namespaces specifies a static list
|
||
of namespace names that the term applies to.
|
||
The term is applied to the union of the namespaces
|
||
listed in this field and the ones selected
|
||
by namespaceSelector. null or empty namespaces
|
||
list and null namespaceSelector means "this
|
||
pod's namespace"
|
||
items:
|
||
type: string
|
||
type: array
|
||
topologyKey:
|
||
description: This pod should be co-located (affinity)
|
||
or not co-located (anti-affinity) with the
|
||
pods matching the labelSelector in the specified
|
||
namespaces, where co-located is defined as
|
||
running on a node whose value of the label
|
||
with key topologyKey matches that of any node
|
||
on which any of the selected pods is running.
|
||
Empty topologyKey is not allowed.
|
||
type: string
|
||
required:
|
||
- topologyKey
|
||
type: object
|
||
weight:
|
||
description: weight associated with matching the
|
||
corresponding podAffinityTerm, in the range 1-100.
|
||
format: int32
|
||
type: integer
|
||
required:
|
||
- podAffinityTerm
|
||
- weight
|
||
type: object
|
||
type: array
|
||
requiredDuringSchedulingIgnoredDuringExecution:
|
||
description: If the affinity requirements specified by
|
||
this field are not met at scheduling time, the pod will
|
||
not be scheduled onto the node. If the affinity requirements
|
||
specified by this field cease to be met at some point
|
||
during pod execution (e.g. due to a pod label update),
|
||
the system may or may not try to eventually evict the
|
||
pod from its node. When there are multiple elements,
|
||
the lists of nodes corresponding to each podAffinityTerm
|
||
are intersected, i.e. all terms must be satisfied.
|
||
items:
|
||
description: Defines a set of pods (namely those matching
|
||
the labelSelector relative to the given namespace(s))
|
||
that this pod should be co-located (affinity) or not
|
||
co-located (anti-affinity) with, where co-located
|
||
is defined as running on a node whose value of the
|
||
label with key <topologyKey> matches that of any node
|
||
on which a pod of the set of pods is running
|
||
properties:
|
||
labelSelector:
|
||
description: A label query over a set of resources,
|
||
in this case pods.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list of label
|
||
selector requirements. The requirements are
|
||
ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: key is the label key that
|
||
the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a key's
|
||
relationship to a set of values. Valid
|
||
operators are In, NotIn, Exists and
|
||
DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of string
|
||
values. If the operator is In or NotIn,
|
||
the values array must be non-empty.
|
||
If the operator is Exists or DoesNotExist,
|
||
the values array must be empty. This
|
||
array is replaced during a strategic
|
||
merge patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator is
|
||
"In", and the values array contains only "value".
|
||
The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaceSelector:
|
||
description: A label query over the set of namespaces
|
||
that the term applies to. The term is applied
|
||
to the union of the namespaces selected by this
|
||
field and the ones listed in the namespaces field.
|
||
null selector and null or empty namespaces list
|
||
means "this pod's namespace". An empty selector
|
||
({}) matches all namespaces. This field is beta-level
|
||
and is only honored when PodAffinityNamespaceSelector
|
||
feature is enabled.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list of label
|
||
selector requirements. The requirements are
|
||
ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: key is the label key that
|
||
the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a key's
|
||
relationship to a set of values. Valid
|
||
operators are In, NotIn, Exists and
|
||
DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of string
|
||
values. If the operator is In or NotIn,
|
||
the values array must be non-empty.
|
||
If the operator is Exists or DoesNotExist,
|
||
the values array must be empty. This
|
||
array is replaced during a strategic
|
||
merge patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator is
|
||
"In", and the values array contains only "value".
|
||
The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaces:
|
||
description: namespaces specifies a static list
|
||
of namespace names that the term applies to. The
|
||
term is applied to the union of the namespaces
|
||
listed in this field and the ones selected by
|
||
namespaceSelector. null or empty namespaces list
|
||
and null namespaceSelector means "this pod's namespace"
|
||
items:
|
||
type: string
|
||
type: array
|
||
topologyKey:
|
||
description: This pod should be co-located (affinity)
|
||
or not co-located (anti-affinity) with the pods
|
||
matching the labelSelector in the specified namespaces,
|
||
where co-located is defined as running on a node
|
||
whose value of the label with key topologyKey
|
||
matches that of any node on which any of the selected
|
||
pods is running. Empty topologyKey is not allowed.
|
||
type: string
|
||
required:
|
||
- topologyKey
|
||
type: object
|
||
type: array
|
||
type: object
|
||
podAntiAffinity:
|
||
description: Describes pod anti-affinity scheduling rules
|
||
(e.g. avoid putting this pod in the same node, zone, etc.
|
||
as some other pod(s)).
|
||
properties:
|
||
preferredDuringSchedulingIgnoredDuringExecution:
|
||
description: The scheduler will prefer to schedule pods
|
||
to nodes that satisfy the anti-affinity expressions
|
||
specified by this field, but it may choose a node that
|
||
violates one or more of the expressions. The node that
|
||
is most preferred is the one with the greatest sum of
|
||
weights, i.e. for each node that meets all of the scheduling
|
||
requirements (resource request, requiredDuringScheduling
|
||
anti-affinity expressions, etc.), compute a sum by iterating
|
||
through the elements of this field and adding "weight"
|
||
to the sum if the node has pods which matches the corresponding
|
||
podAffinityTerm; the node(s) with the highest sum are
|
||
the most preferred.
|
||
items:
|
||
description: The weights of all of the matched WeightedPodAffinityTerm
|
||
fields are added per-node to find the most preferred
|
||
node(s)
|
||
properties:
|
||
podAffinityTerm:
|
||
description: Required. A pod affinity term, associated
|
||
with the corresponding weight.
|
||
properties:
|
||
labelSelector:
|
||
description: A label query over a set of resources,
|
||
in this case pods.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list
|
||
of label selector requirements. The requirements
|
||
are ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values,
|
||
a key, and an operator that relates
|
||
the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key
|
||
that the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a
|
||
key's relationship to a set of values.
|
||
Valid operators are In, NotIn, Exists
|
||
and DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of
|
||
string values. If the operator is
|
||
In or NotIn, the values array must
|
||
be non-empty. If the operator is
|
||
Exists or DoesNotExist, the values
|
||
array must be empty. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator
|
||
is "In", and the values array contains
|
||
only "value". The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaceSelector:
|
||
description: A label query over the set of namespaces
|
||
that the term applies to. The term is applied
|
||
to the union of the namespaces selected by
|
||
this field and the ones listed in the namespaces
|
||
field. null selector and null or empty namespaces
|
||
list means "this pod's namespace". An empty
|
||
selector ({}) matches all namespaces. This
|
||
field is beta-level and is only honored when
|
||
PodAffinityNamespaceSelector feature is enabled.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list
|
||
of label selector requirements. The requirements
|
||
are ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values,
|
||
a key, and an operator that relates
|
||
the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key
|
||
that the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a
|
||
key's relationship to a set of values.
|
||
Valid operators are In, NotIn, Exists
|
||
and DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of
|
||
string values. If the operator is
|
||
In or NotIn, the values array must
|
||
be non-empty. If the operator is
|
||
Exists or DoesNotExist, the values
|
||
array must be empty. This array
|
||
is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator
|
||
is "In", and the values array contains
|
||
only "value". The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaces:
|
||
description: namespaces specifies a static list
|
||
of namespace names that the term applies to.
|
||
The term is applied to the union of the namespaces
|
||
listed in this field and the ones selected
|
||
by namespaceSelector. null or empty namespaces
|
||
list and null namespaceSelector means "this
|
||
pod's namespace"
|
||
items:
|
||
type: string
|
||
type: array
|
||
topologyKey:
|
||
description: This pod should be co-located (affinity)
|
||
or not co-located (anti-affinity) with the
|
||
pods matching the labelSelector in the specified
|
||
namespaces, where co-located is defined as
|
||
running on a node whose value of the label
|
||
with key topologyKey matches that of any node
|
||
on which any of the selected pods is running.
|
||
Empty topologyKey is not allowed.
|
||
type: string
|
||
required:
|
||
- topologyKey
|
||
type: object
|
||
weight:
|
||
description: weight associated with matching the
|
||
corresponding podAffinityTerm, in the range 1-100.
|
||
format: int32
|
||
type: integer
|
||
required:
|
||
- podAffinityTerm
|
||
- weight
|
||
type: object
|
||
type: array
|
||
requiredDuringSchedulingIgnoredDuringExecution:
|
||
description: If the anti-affinity requirements specified
|
||
by this field are not met at scheduling time, the pod
|
||
will not be scheduled onto the node. If the anti-affinity
|
||
requirements specified by this field cease to be met
|
||
at some point during pod execution (e.g. due to a pod
|
||
label update), the system may or may not try to eventually
|
||
evict the pod from its node. When there are multiple
|
||
elements, the lists of nodes corresponding to each podAffinityTerm
|
||
are intersected, i.e. all terms must be satisfied.
|
||
items:
|
||
description: Defines a set of pods (namely those matching
|
||
the labelSelector relative to the given namespace(s))
|
||
that this pod should be co-located (affinity) or not
|
||
co-located (anti-affinity) with, where co-located
|
||
is defined as running on a node whose value of the
|
||
label with key <topologyKey> matches that of any node
|
||
on which a pod of the set of pods is running
|
||
properties:
|
||
labelSelector:
|
||
description: A label query over a set of resources,
|
||
in this case pods.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list of label
|
||
selector requirements. The requirements are
|
||
ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: key is the label key that
|
||
the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a key's
|
||
relationship to a set of values. Valid
|
||
operators are In, NotIn, Exists and
|
||
DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of string
|
||
values. If the operator is In or NotIn,
|
||
the values array must be non-empty.
|
||
If the operator is Exists or DoesNotExist,
|
||
the values array must be empty. This
|
||
array is replaced during a strategic
|
||
merge patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator is
|
||
"In", and the values array contains only "value".
|
||
The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaceSelector:
|
||
description: A label query over the set of namespaces
|
||
that the term applies to. The term is applied
|
||
to the union of the namespaces selected by this
|
||
field and the ones listed in the namespaces field.
|
||
null selector and null or empty namespaces list
|
||
means "this pod's namespace". An empty selector
|
||
({}) matches all namespaces. This field is beta-level
|
||
and is only honored when PodAffinityNamespaceSelector
|
||
feature is enabled.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list of label
|
||
selector requirements. The requirements are
|
||
ANDed.
|
||
items:
|
||
description: A label selector requirement
|
||
is a selector that contains values, a key,
|
||
and an operator that relates the key and
|
||
values.
|
||
properties:
|
||
key:
|
||
description: key is the label key that
|
||
the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a key's
|
||
relationship to a set of values. Valid
|
||
operators are In, NotIn, Exists and
|
||
DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of string
|
||
values. If the operator is In or NotIn,
|
||
the values array must be non-empty.
|
||
If the operator is Exists or DoesNotExist,
|
||
the values array must be empty. This
|
||
array is replaced during a strategic
|
||
merge patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value}
|
||
pairs. A single {key,value} in the matchLabels
|
||
map is equivalent to an element of matchExpressions,
|
||
whose key field is "key", the operator is
|
||
"In", and the values array contains only "value".
|
||
The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
x-kubernetes-map-type: atomic
|
||
namespaces:
|
||
description: namespaces specifies a static list
|
||
of namespace names that the term applies to. The
|
||
term is applied to the union of the namespaces
|
||
listed in this field and the ones selected by
|
||
namespaceSelector. null or empty namespaces list
|
||
and null namespaceSelector means "this pod's namespace"
|
||
items:
|
||
type: string
|
||
type: array
|
||
topologyKey:
|
||
description: This pod should be co-located (affinity)
|
||
or not co-located (anti-affinity) with the pods
|
||
matching the labelSelector in the specified namespaces,
|
||
where co-located is defined as running on a node
|
||
whose value of the label with key topologyKey
|
||
matches that of any node on which any of the selected
|
||
pods is running. Empty topologyKey is not allowed.
|
||
type: string
|
||
required:
|
||
- topologyKey
|
||
type: object
|
||
type: array
|
||
type: object
|
||
type: object
|
||
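# annotations: string-to-string map (additionalProperties: string), declared
# with x-kubernetes-map-type: granular. Layout restored: the nesting had been
# flattened and table-separator lines were interleaved with the YAML.
# NOTE(review): values are free-form metadata stored with the resource, so they
# are readable by anyone who can read the object - confirm nothing sensitive is
# placed here.
annotations:
  additionalProperties:
    type: string
  description: 'annotations is a map of string key and value pairs
    stored with the resource and may be set by external tools to
    store and retrieve arbitrary metadata. They are not queryable
    and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.'
  type: object
  x-kubernetes-map-type: granular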
|
||
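# envVars: array of EnvVar objects; only `name` is required on each item.
# Layout restored: the nesting had been flattened and table-separator lines
# were interleaved with the YAML.
envVars:
  description: 'envVars contain environment variables to be injected
    into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.'
  items:
    description: EnvVar represents an environment variable present
      in a Container.
    properties:
      name:
        description: Name of the environment variable. Must be a
          C_IDENTIFIER.
        type: string
      # NOTE(review): `value` is a literal string kept in the resource spec,
      # so it is readable by anyone who can read the ControlCenter object;
      # credentials belong behind valueFrom.secretKeyRef instead.
      value:
        description: 'Variable references $(VAR_NAME) are expanded
          using the previously defined environment variables in
          the container and any service environment variables. If
          a variable cannot be resolved, the reference in the input
          string will be unchanged. Double $$ are reduced to a single
          $, which allows for escaping the $(VAR_NAME) syntax: i.e.
          "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
          Escaped references will never be expanded, regardless
          of whether the variable exists or not. Defaults to "".'
        type: string
      # Alternative to `value`; the description states the two cannot be
      # combined. Each source below is an atomic map with one required key.
      valueFrom:
        description: Source for the environment variable's value.
          Cannot be used if value is not empty.
        properties:
          configMapKeyRef:
            description: Selects a key of a ConfigMap.
            properties:
              key:
                description: The key to select.
                type: string
              name:
                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                  TODO: Add other useful fields. apiVersion, kind,
                  uid?'
                type: string
              optional:
                description: Specify whether the ConfigMap or its
                  key must be defined
                type: boolean
            required:
            - key
            type: object
            x-kubernetes-map-type: atomic
          fieldRef:
            description: 'Selects a field of the pod: supports metadata.name,
              metadata.namespace, `metadata.labels[''<KEY>'']`,
              `metadata.annotations[''<KEY>'']`, spec.nodeName,
              spec.serviceAccountName, status.hostIP, status.podIP,
              status.podIPs.'
            properties:
              apiVersion:
                description: Version of the schema the FieldPath
                  is written in terms of, defaults to "v1".
                type: string
              fieldPath:
                description: Path of the field to select in the
                  specified API version.
                type: string
            required:
            - fieldPath
            type: object
            x-kubernetes-map-type: atomic
          resourceFieldRef:
            description: 'Selects a resource of the container: only
              resources limits and requests (limits.cpu, limits.memory,
              limits.ephemeral-storage, requests.cpu, requests.memory
              and requests.ephemeral-storage) are currently supported.'
            properties:
              containerName:
                description: 'Container name: required for volumes,
                  optional for env vars'
                type: string
              divisor:
                anyOf:
                - type: integer
                - type: string
                description: Specifies the output format of the
                  exposed resources, defaults to "1"
                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                x-kubernetes-int-or-string: true
              resource:
                description: 'Required: resource to select'
                type: string
            required:
            - resource
            type: object
            x-kubernetes-map-type: atomic
          # Reference to a Secret key in the pod's namespace (per the
          # description). `name` is not in the required list here, only `key`.
          secretKeyRef:
            description: Selects a key of a secret in the pod's
              namespace
            properties:
              key:
                description: The key of the secret to select from. Must
                  be a valid secret key.
                type: string
              name:
                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                  TODO: Add other useful fields. apiVersion, kind,
                  uid?'
                type: string
              optional:
                description: Specify whether the Secret or its key
                  must be defined
                type: boolean
            required:
            - key
            type: object
            x-kubernetes-map-type: atomic
        type: object
    required:
    - name
    type: object
  type: array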
|
||
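# labels: string-to-string map (additionalProperties: string), declared with
# x-kubernetes-map-type: granular. Layout restored: the nesting had been
# flattened and table-separator lines were interleaved with the YAML.
# NOTE(review): the description says labels scope and select objects, so
# anything that selects on labels (the affinity selectors in this schema, for
# one) depends on who is allowed to set them - confirm against the RBAC in use.
labels:
  additionalProperties:
    type: string
  description: 'labels is a map of string key and value pairs that
    can be used to organize and categorize (scope and select) objects.
    More info: http://kubernetes.io/docs/user-guide/labels.'
  type: object
  x-kubernetes-map-type: granular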
|
||
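# podSecurityContext: pod-level security attributes. No `required` list is
# declared at this level, so every field is optional and an omitted field
# falls back to the behaviour its description gives. Layout restored: the
# nesting had been flattened and table-separator lines were interleaved with
# the YAML.
podSecurityContext:
  description: PodSecurityContext holds pod-level security attributes
    and common container settings. Some fields are also present
    in container.securityContext. Field values of container.securityContext
    take precedence over field values of PodSecurityContext.
  properties:
    fsGroup:
      description: "A special supplemental group that applies to
        all containers in a pod. Some volume types allow the Kubelet
        to change the ownership of that volume to be owned by the
        pod: \n 1. The owning GID will be the FSGroup 2. The setgid
        bit is set (new files created in the volume will be owned
        by FSGroup) 3. The permission bits are OR'd with rw-rw----
        \n If unset, the Kubelet will not modify the ownership and
        permissions of any volume. Note that this field cannot be
        set when spec.os.name is windows."
      format: int64
      type: integer
    # NOTE(review): plain string with no enum, so this schema alone does not
    # reject values other than the two named in the description.
    fsGroupChangePolicy:
      description: 'fsGroupChangePolicy defines behavior of changing
        ownership and permission of the volume before being exposed
        inside Pod. This field will only apply to volume types which
        support fsGroup based ownership(and permissions). It will
        have no effect on ephemeral volume types such as: secret,
        configmaps and emptydir. Valid values are "OnRootMismatch"
        and "Always". If not specified, "Always" is used. Note that
        this field cannot be set when spec.os.name is windows.'
      type: string
    runAsGroup:
      description: The GID to run the entrypoint of the container
        process. Uses runtime default if unset. May also be set
        in SecurityContext. If set in both SecurityContext and
        PodSecurityContext, the value specified in SecurityContext
        takes precedence for that container. Note that this field
        cannot be set when spec.os.name is windows.
      format: int64
      type: integer
    # NOTE(review): per the description, unset or false means no non-root
    # validation is performed; set this to true explicitly where running as
    # UID 0 must be refused.
    runAsNonRoot:
      description: Indicates that the container must run as a non-root
        user. If true, the Kubelet will validate the image at runtime
        to ensure that it does not run as UID 0 (root) and fail
        to start the container if it does. If unset or false, no
        such validation will be performed. May also be set in SecurityContext. If
        set in both SecurityContext and PodSecurityContext, the
        value specified in SecurityContext takes precedence.
      type: boolean
    # NOTE(review): the schema sets no minimum, so 0 is accepted here; pair
    # with runAsNonRoot when root must be excluded.
    runAsUser:
      description: The UID to run the entrypoint of the container
        process. Defaults to user specified in image metadata if
        unspecified. May also be set in SecurityContext. If set
        in both SecurityContext and PodSecurityContext, the value
        specified in SecurityContext takes precedence for that container.
        Note that this field cannot be set when spec.os.name is
        windows.
      format: int64
      type: integer
    seLinuxOptions:
      description: The SELinux context to be applied to all containers.
        If unspecified, the container runtime will allocate a random
        SELinux context for each container. May also be set in
        SecurityContext. If set in both SecurityContext and PodSecurityContext,
        the value specified in SecurityContext takes precedence
        for that container. Note that this field cannot be set when
        spec.os.name is windows.
      properties:
        level:
          description: Level is SELinux level label that applies
            to the container.
          type: string
        role:
          description: Role is a SELinux role label that applies
            to the container.
          type: string
        type:
          description: Type is a SELinux type label that applies
            to the container.
          type: string
        user:
          description: User is a SELinux user label that applies
            to the container.
          type: string
      type: object
    # seccompProfile: `type` is the only required key.
    seccompProfile:
      description: The seccomp options to use by the containers
        in this pod. Note that this field cannot be set when spec.os.name
        is windows.
      properties:
        localhostProfile:
          description: localhostProfile indicates a profile defined
            in a file on the node should be used. The profile must
            be preconfigured on the node to work. Must be a descending
            path, relative to the kubelet's configured seccomp profile
            location. Must only be set if type is "Localhost".
          type: string
        # NOTE(review): plain string with no enum, so this schema alone does
        # not reject values outside Localhost / RuntimeDefault / Unconfined.
        # Per the description, Unconfined applies no profile at all.
        type:
          description: "type indicates which kind of seccomp profile
            will be applied. Valid options are: \n Localhost - a
            profile defined in a file on the node should be used.
            RuntimeDefault - the container runtime default profile
            should be used. Unconfined - no profile should be applied."
          type: string
      required:
      - type
      type: object
    supplementalGroups:
      description: A list of groups applied to the first process
        run in each container, in addition to the container's primary
        GID. If unspecified, no groups will be added to any container.
        Note that this field cannot be set when spec.os.name is
        windows.
      items:
        format: int64
        type: integer
      type: array
    # sysctls: each item requires both `name` and `value`; neither is
    # restricted by a pattern or enum in this schema.
    sysctls:
      description: Sysctls hold a list of namespaced sysctls used
        for the pod. Pods with unsupported sysctls (by the container
        runtime) might fail to launch. Note that this field cannot
        be set when spec.os.name is windows.
      items:
        description: Sysctl defines a kernel parameter to be set
        properties:
          name:
            description: Name of a property to set
            type: string
          value:
            description: Value of a property to set
            type: string
        required:
        - name
        - value
        type: object
      type: array
    windowsOptions:
      description: The Windows specific settings applied to all
        containers. If unspecified, the options within a container's
        SecurityContext will be used. If set in both SecurityContext
        and PodSecurityContext, the value specified in SecurityContext
        takes precedence. Note that this field cannot be set when
        spec.os.name is linux.
      properties:
        gmsaCredentialSpec:
          description: GMSACredentialSpec is where the GMSA admission
            webhook (https://github.com/kubernetes-sigs/windows-gmsa)
            inlines the contents of the GMSA credential spec named
            by the GMSACredentialSpecName field.
          type: string
        gmsaCredentialSpecName:
          description: GMSACredentialSpecName is the name of the
            GMSA credential spec to use.
          type: string
        # NOTE(review): per the description, true also requires HostNetwork
        # to be true, so review any resource that enables this.
        hostProcess:
          description: HostProcess determines if a container should
            be run as a 'Host Process' container. This field is
            alpha-level and will only be honored by components that
            enable the WindowsHostProcessContainers feature flag.
            Setting this field without the feature flag will result
            in errors when validating the Pod. All of a Pod's containers
            must have the same effective HostProcess value (it is
            not allowed to have a mix of HostProcess containers
            and non-HostProcess containers). In addition, if HostProcess
            is true then HostNetwork must also be set to true.
          type: boolean
        runAsUserName:
          description: The UserName in Windows to run the entrypoint
            of the container process. Defaults to the user specified
            in image metadata if unspecified. May also be set in
            PodSecurityContext. If set in both SecurityContext and
            PodSecurityContext, the value specified in SecurityContext
            takes precedence.
          type: string
      type: object
  type: object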
|
||
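# priorityClassName: non-empty string (minLength: 1) limited by `pattern` to
# lowercase letters, digits and '-', beginning and ending with a letter or
# digit. Layout restored: the nesting had been flattened and table-separator
# lines were interleaved with the YAML.
# NOTE(review): the schema checks the form of the name only; whether the named
# priority class exists is not something this file can validate.
priorityClassName:
  description: priorityClassName specifies the priority class for
    the pod (if any).
  minLength: 1
  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  type: string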
|
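# probe: overrides for the liveness and readiness probe settings; per the
# descriptions, anything set here replaces the component's default.
# NOTE(review): the int32 fields carry no `minimum`, so zero or negative
# values are not rejected by this CRD. The rule that successThreshold must
# be 1 for liveness is stated in the description only, not enforced here.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
probe:
  description: probe contains the fields for standard Kubernetes
    readiness/liveness probe configuration.
  properties:
    # liveness: a failing liveness probe causes the container to be restarted.
    liveness:
      description: liveness configures the Kubernetes probe settings.
        The changes will override the existing default configuration.
      properties:
        failureThreshold:
          description: failureThreshold is the minimum consecutive
            failures for the probe to be considered failed. Confluent
            Platform components come with the right configuration,
            and this setting is not required to change most of the
            time.
          format: int32
          type: integer
        initialDelaySeconds:
          description: initialDelaySeconds is the number of seconds
            after the container has started and before probes are
            initiated. Confluent Platform components come with the
            right configuration, and this setting is not required
            to change most of the time.
          format: int32
          type: integer
        periodSeconds:
          description: periodSeconds specifies how often to perform
            the probe. Confluent Platform components come with the
            right configuration, and this setting is not required
            to change most of the time.
          format: int32
          type: integer
        successThreshold:
          description: successThreshold is the minimum consecutive
            successes for the probe to be considered successful
            after having failed. The default values is `1`. Must
            be `1` for liveness and startup. The minimum value is
            `1`.
          format: int32
          type: integer
        timeoutSeconds:
          description: timeoutSeconds is the number of seconds after
            which the probe times out. Confluent Platform components
            come with the right configuration, and this setting
            is not required to change most of the time.
          format: int32
          type: integer
      type: object
    # readiness: same five fields as liveness; a failing readiness probe takes
    # the pod out of service endpoints rather than restarting it.
    readiness:
      description: readiness configures the Kubernetes probe setting.
        The changes will override the existing default configuration.
      properties:
        failureThreshold:
          description: failureThreshold is the minimum consecutive
            failures for the probe to be considered failed. Confluent
            Platform components come with the right configuration,
            and this setting is not required to change most of the
            time.
          format: int32
          type: integer
        initialDelaySeconds:
          description: initialDelaySeconds is the number of seconds
            after the container has started and before probes are
            initiated. Confluent Platform components come with the
            right configuration, and this setting is not required
            to change most of the time.
          format: int32
          type: integer
        periodSeconds:
          description: periodSeconds specifies how often to perform
            the probe. Confluent Platform components come with the
            right configuration, and this setting is not required
            to change most of the time.
          format: int32
          type: integer
        successThreshold:
          description: successThreshold is the minimum consecutive
            successes for the probe to be considered successful
            after having failed. The default values is `1`. Must
            be `1` for liveness and startup. The minimum value is
            `1`.
          format: int32
          type: integer
        timeoutSeconds:
          description: timeoutSeconds is the number of seconds after
            which the probe times out. Confluent Platform components
            come with the right configuration, and this setting
            is not required to change most of the time.
          format: int32
          type: integer
      type: object
  type: object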
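# resources: compute requests and limits for the container.
# Each map value is an int-or-string Kubernetes quantity; string values must
# match the quantity pattern below.
# NOTE(review): neither `limits` nor `requests` is required by this schema.
# A container without limits is bounded only by node capacity or namespace
# policy (LimitRange/ResourceQuota); whether the operator applies defaults is
# not visible here -- confirm.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
resources:
  description: resources describe the compute resource requirements.
  properties:
    limits:
      additionalProperties:
        anyOf:
        - type: integer
        - type: string
        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
        x-kubernetes-int-or-string: true
      description: 'Limits describes the maximum amount of compute
        resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
      type: object
    requests:
      additionalProperties:
        anyOf:
        - type: integer
        - type: string
        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
        x-kubernetes-int-or-string: true
      description: 'Requests describes the minimum amount of compute
        resources required. If Requests is omitted for a container,
        it defaults to Limits if that is explicitly specified, otherwise
        to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
      type: object
  type: object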
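# securityContext: container-level security settings. Where a field is also
# set in PodSecurityContext, the container-level value takes precedence.
# NOTE(review): every field below is typed only (boolean/string/integer) with
# no enum or bounds, so this CRD accepts any setting, including privileged
# ones. Restricting them is left to cluster admission policy (for example
# Pod Security Admission) and to RBAC on who may edit this resource.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
securityContext:
  description: SecurityContext holds security configuration that
    will be applied to a container. Some fields are present in both
    SecurityContext and PodSecurityContext.  When both are set,
    the values in SecurityContext take precedence.
  properties:
    # Hardening: false sets no_new_privs on the container process. Per the
    # description it is always true for privileged or CAP_SYS_ADMIN containers.
    allowPrivilegeEscalation:
      description: 'AllowPrivilegeEscalation controls whether a
        process can gain more privileges than its parent process.
        This bool directly controls if the no_new_privs flag will
        be set on the container process. AllowPrivilegeEscalation
        is true always when the container is: 1) run as Privileged
        2) has CAP_SYS_ADMIN Note that this field cannot be set
        when spec.os.name is windows.'
      type: boolean
    # Hardening: prefer dropping capabilities and adding back only what is
    # needed. Entries are free-form strings; no allow-list is applied here.
    capabilities:
      description: The capabilities to add/drop when running containers.
        Defaults to the default set of capabilities granted by the
        container runtime. Note that this field cannot be set when
        spec.os.name is windows.
      properties:
        add:
          description: Added capabilities
          items:
            description: Capability represent POSIX capabilities
              type
            type: string
          type: array
        drop:
          description: Removed capabilities
          items:
            description: Capability represent POSIX capabilities
              type
            type: string
          type: array
      type: object
    # High risk: per the description, processes in a privileged container are
    # essentially root on the host. Leave unset (false) unless there is a
    # documented need, and audit any resource that sets it.
    privileged:
      description: Run container in privileged mode. Processes in
        privileged containers are essentially equivalent to root
        on the host. Defaults to false. Note that this field cannot
        be set when spec.os.name is windows.
      type: boolean
    # The default keeps the runtime's read-only and masked /proc paths; other
    # values need the ProcMountType feature flag (see description).
    procMount:
      description: procMount denotes the type of proc mount to use
        for the containers. The default is DefaultProcMount which
        uses the container runtime defaults for readonly paths and
        masked paths. This requires the ProcMountType feature flag
        to be enabled. Note that this field cannot be set when spec.os.name
        is windows.
      type: string
    # Hardening: true mounts the root filesystem read-only (default is false).
    # NOTE(review): confirm the component writes only to mounted volumes
    # before enabling.
    readOnlyRootFilesystem:
      description: Whether this container has a read-only root filesystem.
        Default is false. Note that this field cannot be set when
        spec.os.name is windows.
      type: boolean
    runAsGroup:
      description: The GID to run the entrypoint of the container
        process. Uses runtime default if unset. May also be set
        in PodSecurityContext.  If set in both SecurityContext and
        PodSecurityContext, the value specified in SecurityContext
        takes precedence. Note that this field cannot be set when
        spec.os.name is windows.
      format: int64
      type: integer
    # Hardening: true makes the kubelet refuse to start an image that would
    # run as UID 0; unset or false performs no such check.
    runAsNonRoot:
      description: Indicates that the container must run as a non-root
        user. If true, the Kubelet will validate the image at runtime
        to ensure that it does not run as UID 0 (root) and fail
        to start the container if it does. If unset or false, no
        such validation will be performed. May also be set in PodSecurityContext.  If
        set in both SecurityContext and PodSecurityContext, the
        value specified in SecurityContext takes precedence.
      type: boolean
    # No minimum is declared, so UID 0 is accepted by this schema; pair with
    # runAsNonRoot when root must be ruled out.
    runAsUser:
      description: The UID to run the entrypoint of the container
        process. Defaults to user specified in image metadata if
        unspecified. May also be set in PodSecurityContext.  If
        set in both SecurityContext and PodSecurityContext, the
        value specified in SecurityContext takes precedence. Note
        that this field cannot be set when spec.os.name is windows.
      format: int64
      type: integer
    seLinuxOptions:
      description: The SELinux context to be applied to the container.
        If unspecified, the container runtime will allocate a random
        SELinux context for each container.  May also be set in
        PodSecurityContext.  If set in both SecurityContext and
        PodSecurityContext, the value specified in SecurityContext
        takes precedence. Note that this field cannot be set when
        spec.os.name is windows.
      properties:
        level:
          description: Level is SELinux level label that applies
            to the container.
          type: string
        role:
          description: Role is a SELinux role label that applies
            to the container.
          type: string
        type:
          description: Type is a SELinux type label that applies
            to the container.
          type: string
        user:
          description: User is a SELinux user label that applies
            to the container.
          type: string
      type: object
    # seccompProfile: `type` is required but is a free-form string here, so
    # the three documented values are not enforced by this schema.
    # "Unconfined" applies no profile; "RuntimeDefault" is the usual baseline.
    seccompProfile:
      description: The seccomp options to use by this container.
        If seccomp options are provided at both the pod & container
        level, the container options override the pod options. Note
        that this field cannot be set when spec.os.name is windows.
      properties:
        localhostProfile:
          description: localhostProfile indicates a profile defined
            in a file on the node should be used. The profile must
            be preconfigured on the node to work. Must be a descending
            path, relative to the kubelet's configured seccomp profile
            location. Must only be set if type is "Localhost".
          type: string
        type:
          description: "type indicates which kind of seccomp profile
            will be applied. Valid options are: \n Localhost - a
            profile defined in a file on the node should be used.
            RuntimeDefault - the container runtime default profile
            should be used. Unconfined - no profile should be applied."
          type: string
      required:
      - type
      type: object
    windowsOptions:
      description: The Windows specific settings applied to all
        containers. If unspecified, the options from the PodSecurityContext
        will be used. If set in both SecurityContext and PodSecurityContext,
        the value specified in SecurityContext takes precedence.
        Note that this field cannot be set when spec.os.name is
        linux.
      properties:
        gmsaCredentialSpec:
          description: GMSACredentialSpec is where the GMSA admission
            webhook (https://github.com/kubernetes-sigs/windows-gmsa)
            inlines the contents of the GMSA credential spec named
            by the GMSACredentialSpecName field.
          type: string
        gmsaCredentialSpecName:
          description: GMSACredentialSpecName is the name of the
            GMSA credential spec to use.
          type: string
        # High risk on Windows nodes: a host-process container also requires
        # HostNetwork (per the description). Treat like `privileged` above.
        hostProcess:
          description: HostProcess determines if a container should
            be run as a 'Host Process' container. This field is
            alpha-level and will only be honored by components that
            enable the WindowsHostProcessContainers feature flag.
            Setting this field without the feature flag will result
            in errors when validating the Pod. All of a Pod's containers
            must have the same effective HostProcess value (it is
            not allowed to have a mix of HostProcess containers
            and non-HostProcess containers).  In addition, if HostProcess
            is true then HostNetwork must also be set to true.
          type: boolean
        runAsUserName:
          description: The UserName in Windows to run the entrypoint
            of the container process. Defaults to the user specified
            in image metadata if unspecified. May also be set in
            PodSecurityContext. If set in both SecurityContext and
            PodSecurityContext, the value specified in SecurityContext
            takes precedence.
          type: string
      type: object
  type: object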
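# serviceAccountName: the service account the pod runs as.
# NOTE(review): unlike priorityClassName and the secretRef fields in this
# schema, no minLength or pattern is declared, so the name is not
# format-checked by the CRD. The account's RBAC bindings decide what the pod
# can do against the API server; bind it to the least privilege it needs.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
serviceAccountName:
  description: 'ServiceAccountName is the name of the service account
    used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.'
  type: string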
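# terminationGracePeriodSeconds: grace period (seconds, int64) before the pod
# is deleted. No minimum or maximum is declared in this schema.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
terminationGracePeriodSeconds:
  description: terminationGracePeriodSeconds is the grace period
    before the pod is deleted.
  format: int64
  type: integer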
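# tolerations: list of taints the pod tolerates, matched on
# <key,value,effect> with the given operator.
# NOTE(review): per the `key` description, an empty key with operator Exists
# matches every taint. That lets the pod schedule onto nodes tainted to keep
# general workloads off them, so review broad tolerations. `effect` and
# `operator` are plain strings here; the allowed values named in the
# descriptions are not enforced by this schema.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
tolerations:
  description: tolerations specify the pods to schedule onto the
    nodes with matching taints, using the triple `<key,value,effect>`
    and the matching operator `<operator>`.
  items:
    description: The pod this Toleration is attached to tolerates
      any taint that matches the triple <key,value,effect> using
      the matching operator <operator>.
    properties:
      effect:
        description: Effect indicates the taint effect to match.
          Empty means match all taint effects. When specified, allowed
          values are NoSchedule, PreferNoSchedule and NoExecute.
        type: string
      key:
        description: Key is the taint key that the toleration applies
          to. Empty means match all taint keys. If the key is empty,
          operator must be Exists; this combination means to match
          all values and all keys.
        type: string
      operator:
        description: Operator represents a key's relationship to
          the value. Valid operators are Exists and Equal. Defaults
          to Equal. Exists is equivalent to wildcard for value,
          so that a pod can tolerate all taints of a particular
          category.
        type: string
      tolerationSeconds:
        description: TolerationSeconds represents the period of
          time the toleration (which must be of effect NoExecute,
          otherwise this field is ignored) tolerates the taint.
          By default, it is not set, which means tolerate the taint
          forever (do not evict). Zero and negative values will
          be treated as 0 (evict immediately) by the system.
        format: int64
        type: integer
      value:
        description: Value is the taint value the toleration matches
          to. If the operator is Exists, the value should be empty,
          otherwise just a regular string.
        type: string
    type: object
  type: array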
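# topologySpreadConstraints: how matching pods are spread across topology
# domains; all listed constraints are ANDed.
# Each item must set maxSkew, topologyKey and whenUnsatisfiable (see
# `required`). maxSkew has no `minimum` here, so the "0 is not allowed" rule
# in its description is not enforced by this schema.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
topologySpreadConstraints:
  description: topologySpreadConstraints describe how a group of
    pods ought to spread across topology domains. Scheduler will
    schedule pods based on the constraints. All topologySpreadConstraints
    are ANDed.
  items:
    description: TopologySpreadConstraint specifies how to spread
      matching pods among the given topology.
    properties:
      # labelSelector: selects the pods counted per topology domain.
      labelSelector:
        description: LabelSelector is used to find matching pods.
          Pods that match this label selector are counted to determine
          the number of pods in their corresponding topology domain.
        properties:
          matchExpressions:
            description: matchExpressions is a list of label selector
              requirements. The requirements are ANDed.
            items:
              description: A label selector requirement is a selector
                that contains values, a key, and an operator that
                relates the key and values.
              properties:
                key:
                  description: key is the label key that the selector
                    applies to.
                  type: string
                operator:
                  description: operator represents a key's relationship
                    to a set of values. Valid operators are In,
                    NotIn, Exists and DoesNotExist.
                  type: string
                values:
                  description: values is an array of string values.
                    If the operator is In or NotIn, the values array
                    must be non-empty. If the operator is Exists
                    or DoesNotExist, the values array must be empty.
                    This array is replaced during a strategic merge
                    patch.
                  items:
                    type: string
                  type: array
              required:
              - key
              - operator
              type: object
            type: array
          matchLabels:
            additionalProperties:
              type: string
            description: matchLabels is a map of {key,value} pairs.
              A single {key,value} in the matchLabels map is equivalent
              to an element of matchExpressions, whose key field
              is "key", the operator is "In", and the values array
              contains only "value". The requirements are ANDed.
            type: object
        type: object
        x-kubernetes-map-type: atomic
      maxSkew:
        description: 'MaxSkew describes the degree to which pods
          may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
          it is the maximum permitted difference between the number
          of matching pods in the target topology and the global
          minimum. For example, in a 3-zone cluster, MaxSkew is
          set to 1, and pods with the same labelSelector spread
          as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
          - if MaxSkew is 1, incoming pod can only be scheduled
          to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
          would make the ActualSkew(2-0) on zone1(zone2) violate
          MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
          onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
          it is used to give higher precedence to topologies that
          satisfy it. It''s a required field. Default value is 1
          and 0 is not allowed.'
        format: int32
        type: integer
      topologyKey:
        description: TopologyKey is the key of node labels. Nodes
          that have a label with this key and identical values are
          considered to be in the same topology. We consider each
          <key, value> as a "bucket", and try to put balanced number
          of pods into each bucket. It's a required field.
        type: string
      # whenUnsatisfiable: DoNotSchedule leaves the pod pending when the
      # constraint cannot be met; ScheduleAnyway places it regardless.
      whenUnsatisfiable:
        description: 'WhenUnsatisfiable indicates how to deal with
          a pod if it doesn''t satisfy the spread constraint. -
          DoNotSchedule (default) tells the scheduler not to schedule
          it. - ScheduleAnyway tells the scheduler to schedule the
          pod in any location, but giving higher precedence to topologies
          that would help reduce the skew. A constraint is considered
          "Unsatisfiable" for an incoming pod if and only if every
          possible node assignment for that pod would violate "MaxSkew"
          on some topology. For example, in a 3-zone cluster, MaxSkew
          is set to 1, and pods with the same labelSelector spread
          as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
          If WhenUnsatisfiable is set to DoNotSchedule, incoming
          pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
          as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
          In other words, the cluster can still be imbalanced, but
          scheduler won''t make it *more* imbalanced. It''s a required
          field.'
        type: string
    required:
    - maxSkew
    - topologyKey
    - whenUnsatisfiable
    type: object
  type: array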
||
type: object
|
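# replicas: desired replica count (int32). Per the description, changing it
# rolls the cluster. No minimum or maximum is declared in this schema.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
replicas:
  description: replicas is the desired number of replicas. A change
    to this setting will roll the cluster.
  format: int32
  type: integer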
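# storageClass: reference to a user-provided StorageClass.
# `name` is required when the object is present and must be at least one
# character of lowercase alphanumerics and '-', starting and ending
# alphanumeric.
# NOTE(review): encryption at rest and the reclaim policy come from the
# referenced StorageClass, not from this resource -- check them there.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
storageClass:
  description: storageClass references the user-provided storage class.
  properties:
    name:
      description: name is the storage class name.
      minLength: 1
      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
      type: string
  required:
  - name
  type: object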
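# telemetry: Confluent telemetry reporter settings for this component.
# Per the description, `global` can only turn telemetry off for this
# component when CFK itself is deployed with telemetry; it cannot turn it on.
# NOTE(review): telemetry implies outbound reporting. Where egress is
# restricted, set `global: false` explicitly instead of relying on the default.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
telemetry:
  description: telemetry specifies the Confluent telemetry reporter
    configuration.
  properties:
    global:
      description: global allows disabling telemetry configuration.
        If CFK is deployed with telemetry, this field is only used to
        disable telemetry. The default value is `true` if telemetry
        is enabled at the global level.
      type: boolean
  type: object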
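# tls: TLS material for the component. Three sources are visible:
# auto-generated certificates, a directory already mounted in the container,
# or a Kubernetes Secret named by secretRef.
# NOTE(review): nothing here marks the three as mutually exclusive or
# requires one of them; how the operator resolves a combination is not
# visible in this schema -- confirm.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
tls:
  description: tls specifies the TLS configurations.
  properties:
    # Certificates are issued from a CA key pair supplied to the operator.
    # NOTE(review): confirm where that CA private key is stored and who can
    # read it; it can issue certificates for every component.
    autoGeneratedCerts:
      description: autoGeneratedCerts specifies that the certificates
        are auto-generated based on the CA key pair provided.
      type: boolean
    # The directory holds the keystore and its password file side by side
    # (`keystore.jks`, `jksPassword.txt`); keep the mount readable only by
    # the component's user. Only minLength is checked; the path is not
    # otherwise constrained by this schema.
    directoryPathInContainer:
      description: directoryPathInContainer specifies the directory
        path in the container where `keystore.jks`, `truststore.jks`,
        and `jksPassword.txt` keys are mounted. `truststore.jks` is
        not configured and can be ignored when the `ignoreTrustStoreConfig`
        field is set to `true`.
      minLength: 1
      type: string
    # When true, no truststore is configured for the component.
    # NOTE(review): confirm what then validates peer certificates.
    ignoreTrustStoreConfig:
      description: ignoreTrustStoreConfig indicates whether to ignore
        the truststore configuration for the Confluent component.
      type: boolean
    # The JKS password is referenced by Secret name, never inlined here.
    # Name limits: 1-30 characters, lowercase alphanumerics and '-'.
    jksPassword:
      description: jksPassword references the secret containing the
        JKS password.
      properties:
        secretRef:
          description: 'secretRef references the name of the secret
            containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
          maxLength: 30
          minLength: 1
          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
          type: string
      required:
      - secretRef
      type: object
    # Name of the Secret holding the certificates; same name limits as above.
    # Restrict `get` on Secrets in this namespace, since this Secret holds the
    # component's private key.
    secretRef:
      description: 'secretRef references the secret containing the certificates.
        More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
      maxLength: 30
      minLength: 1
      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
      type: string
  type: object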
||
required:
|
||
- dataVolumeCapacity
|
||
- image
|
||
- replicas
|
||
type: object
|
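# status: observed state of the Control Center cluster, written by the
# operator.
# NOTE(review): status is readable by anyone allowed to `get` this resource.
# It exposes endpoints, authentication/authorization types, and the names of
# internal secrets, topics and role bindings. Scope read access accordingly.
# (Nesting restored and table-cell residue dropped; values are unchanged.)
status:
  description: status defines the observed state of the Control Center cluster.
  properties:
    # No `type` is declared and unknown fields are preserved, so this subtree
    # is neither validated nor pruned by the API server. Consumers should
    # treat its contents as unvalidated; it should never carry secret values.
    arbitraryData:
      description: arbitraryData is the map for any arbitrary data associated
        with this Confluent component.
      x-kubernetes-preserve-unknown-fields: true
    authorizationType:
      description: authorizationType is the authorization type for this
        Confluent component.
      type: string
    clusterName:
      description: clusterName is the name of the Confluent Platform component
        cluster.
      type: string
    clusterNamespace:
      description: clusterNamespace is the namespace where the Confluent
        Platform component cluster is running.
      type: string
    conditions:
      description: conditions specify the latest available observations
        of the current state.
      items:
        description: Condition represent the latest available observations
          of the current state.
        properties:
          lastProbeTime:
            description: lastProbeTime shows the last time the condition
              was evaluated.
            format: date-time
            type: string
          lastTransitionTime:
            description: lastTransitionTime shows the last time the condition
              was transitioned from one status to another.
            format: date-time
            type: string
          message:
            description: message shows a human-readable message with details
              about the transition.
            type: string
          reason:
            description: reason shows the reason for the last transition
              of the condition.
            type: string
          status:
            description: status shows the status of the condition, one of
              `True`, `False`, or `Unknown`.
            type: string
          type:
            description: type shows the condition type.
            type: string
        type: object
      type: array
    controlCenterName:
      description: name is the name of the Control Center cluster.
      type: string
    currentReplicas:
      description: currentReplicas is the number of currently running replicas.
      format: int32
      type: integer
    id:
      description: id is the identifier of the Control Center cluster.
      format: int32
      type: integer
    # Items are plain strings -- presumably Secret names rather than secret
    # contents; confirm against the operator before relying on that.
    internalSecrets:
      description: internalSecrets are internal secrets created by CFK for
        this Confluent component.
      items:
        type: string
      type: array
    internalTopicNames:
      description: internalTopicNames are the topics used by the component
        for internal use.
      items:
        type: string
      type: array
    # kafka: client-side view of the Kafka dependency. `tls: false` or an
    # empty authenticationType here is a useful signal when auditing for
    # unencrypted or unauthenticated broker connections.
    kafka:
      description: kafka is the Kafka client side status for the Control
        Center cluster.
      properties:
        authenticationType:
          description: authenticationType describes the authentication method
            for the Kafka cluster.
          type: string
        bootstrapEndpoint:
          description: bootstrapEndpoint specifies the Kafka bootstrap endpoint.
          type: string
        tls:
          description: tls indicates whether TLS is enabled for the Kafka
            dependency.
          type: boolean
      type: object
    observedGeneration:
      description: observedGeneration is the most recent generation observed
        for this Confluent component.
      format: int64
      type: integer
    operatorVersion:
      description: operatorVersion is the internal version of CFK.
      type: string
    phase:
      description: phase describes the state of the Confluent Platform component.
      type: string
    rbac:
      description: rbac contains the RBAC-related status when RBAC is enabled.
      properties:
        clusterID:
          description: clusterID specifies the id of the cluster.
          type: string
        internalRolebindings:
          description: internalRolebindings specifies the internal rolebindings.
          items:
            type: string
          type: array
      type: object
    readyReplicas:
      description: readyReplicas is the number of currently ready replicas.
      format: int32
      type: integer
    replicas:
      description: replicas is the number of replicas.
      format: int32
      type: integer
    # restConfig: listener view of the Control Center REST endpoint. An
    # external endpoint reported with `tls: false` or no authenticationType
    # is worth flagging in a configuration audit.
    restConfig:
      description: restConfig is the REST API configuration of the Control
        Center cluster.
      properties:
        advertisedExternalEndpoints:
          description: advertisedExternalEndpoints specifies other advertised
            endpoints used, especially for Kafka.
          items:
            type: string
          type: array
        authenticationType:
          description: authenticationType shows the authentication type
            configured by the listener.
          type: string
        externalAccessType:
          description: externalAccessType shows the external access type
            used for the listener.
          type: string
        externalEndpoint:
          description: externalEndpoint specifies the external endpoint
            to connect to the Confluent component cluster.
          type: string
        internalEndpoint:
          description: internalEndpoint specifies the internal endpoint
            to connect to the Confluent component cluster.
          type: string
        tls:
          description: tls shows whether TLS is configured for the listener.
          type: boolean
      type: object
    selector:
      description: selector gets the label selector of the child pod. The
        Horizontal Pod Autoscaler(HPA) will scale using the label selector
        of the child pod.
      type: string
  type: object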
||
required:
|
||
- spec
|
||
type: object
|
||
served: true
|
||
storage: true
|
||
subresources:
|
||
scale:
|
||
specReplicasPath: .spec.replicas
|
||
statusReplicasPath: .status.replicas
|
||
status: {}
|