diff --git a/config.yaml b/config.yaml index 6caa7f4f3..cc01f3762 100644 --- a/config.yaml +++ b/config.yaml @@ -90,8 +90,8 @@ security: # Global parameters accessible by any Page params: # The current "latest" version. Used in the version dropdown - latest: "1.15" - docs: true + latest: "1.16" + docs: true anchors: # Generate heading anchors for any heading between min and max min: 2 diff --git a/content/master/guides/import-existing-resources.md b/content/master/guides/import-existing-resources.md index 6df790c95..c80a6a43f 100644 --- a/content/master/guides/import-existing-resources.md +++ b/content/master/guides/import-existing-resources.md @@ -5,7 +5,7 @@ weight: 200 If you have resources that are already provisioned in a Provider, you can import them as managed resources and let Crossplane manage them. -A managed resource's [`managementPolicies`]({{}}) +A managed resource's [`managementPolicies`]({{}}) field enables importing external resources into Crossplane. Crossplane can import resources either [manually]({{}}) @@ -14,17 +14,17 @@ or [automatically]({{}}). ## Import resources manually Crossplane can discover and import existing Provider resources by matching the -`crossplane.io/external-name` annotation in a managed resource. +`crossplane.io/external-name` annotation in a managed resource. To import an existing external resource in a Provider, create a new managed resource with the `crossplane.io/external-name` annotation. Set the annotation value to the name of the resource in the Provider. -For example, to import an existing GCP Network named +For example, to import an existing GCP Network named {{}}my-existing-network{{}}, -create a new managed resource and use the +create a new managed resource and use the {{}}my-existing-network{{}} in the -annotation. +annotation. ```yaml {label="annotation",copy-lines="none"} apiVersion: compute.gcp.crossplane.io/v1beta1 
@@ -34,14 +34,14 @@ metadata: crossplane.io/external-name: my-existing-network ``` -The {{}}metadata.name{{}} -field can be anything you want. For example, -{{}}imported-network{{}}. +The {{}}metadata.name{{}} +field can be anything you want. For example, +{{}}imported-network{{}}. {{< hint "note" >}} -This name is the +This name is the name of the Kubernetes object. It's not related to the resource name inside the -Provider. +Provider. {{< /hint >}} ```yaml {label="name",copy-lines="none"} @@ -53,15 +53,15 @@ metadata: crossplane.io/external-name: my-existing-network ``` -Leave the -{{}}spec.forProvider{{}} field empty. -Crossplane imports the settings and automatically applies them to the managed -resource. +Leave the +{{}}spec.forProvider{{}} field empty. +Crossplane imports the settings and automatically applies them to the managed +resource. {{< hint "important" >}} -If the managed resource has _required_ fields in the +If the managed resource has _required_ fields in the {{}}spec.forProvider{{}} you must add it to -the `forProvider` field. +the `forProvider` field. The values of those fields must match what's inside the Provider or Crossplane overwrites the existing values. 
@@ -82,17 +82,17 @@ spec: Crossplane now controls and manages this imported resource. Any changes to the managed resource `spec` changes the external resource. -## Import resources automatically +## Import resources automatically -Automatically import external resources with an `Observe` [management policy]({{}}). +Automatically import external resources with an `Observe` [management policy]({{}}). Crossplane imports observe only resources but never changes or deletes the resources. {{}} -The managed resource `managementPolicies` option is a beta feature. +The managed resource `managementPolicies` option is a beta feature. -The Provider determines support for management policies. +The Provider determines support for management policies. Refer to the Provider's documentation to see if the Provider supports management policies. {{< /hint >}} @@ -101,15 +101,15 @@ management policies. ### Apply the Observe management policy -Create a new managed resource matching the -{{}}apiVersion{{}} and +Create a new managed resource matching the +{{}}apiVersion{{}} and {{}}kind{{}} of the resource to import and add -{{}}managementPolicies: ["Observe"]{{}} to the +{{}}managementPolicies: ["Observe"]{{}} to the {{}}spec{{}} For example, to import a GCP SQL DatabaseInstance, create a new resource with -the {{}}managementPolicies: ["Observe"]{{}} +the {{}}managementPolicies: ["Observe"]{{}} set. ```yaml {label="oo-policy",copy-lines="none"} apiVersion: sql.gcp.upbound.io/v1beta1 
@@ -119,14 +119,14 @@ spec: ``` ### Add the external-name annotation -Add the {{}}crossplane.io/external-name{{}} +Add the {{}}crossplane.io/external-name{{}} annotation for the resource. This name must match the name inside the Provider. -For example, for a GCP database named +For example, for a GCP database named {{}}my-external-database{{}}, apply -the -{{}}crossplane.io/external-name{{}} -annotation with the value +the +{{}}crossplane.io/external-name{{}} +annotation with the value {{}}my-external-database{{}}. ```yaml {label="oo-ex-name",copy-lines="none"} @@ -140,10 +140,10 @@ spec: ``` ### Create a Kubernetes object name -Create a {{}}name{{}} to use for the -Kubernetes object. +Create a {{}}name{{}} to use for the +Kubernetes object. -For example, name the Kubernetes object +For example, name the Kubernetes object {{}}my-imported-database{{}}. ```yaml {label="oo-name",copy-lines="none"} @@ -159,11 +159,11 @@ spec: ### Identify a specific external resource If more than one resource inside the Provider shares the same name, identify the -specific resource with a unique -{{}}spec.forProvider{{}} field. +specific resource with a unique +{{}}spec.forProvider{{}} field. -For example, only import the GCP SQL database in the -{{}}us-central1{{}} region. +For example, only import the GCP SQL database in the +{{}}us-central1{{}} region. ```yaml {label="oo-region"} apiVersion: sql.gcp.upbound.io/v1beta1 @@ -181,7 +181,7 @@ spec: ### Apply the managed resource Apply the new managed resource. Crossplane syncs the status of the external -resource in the cloud with the newly created managed resource. +resource in the cloud with the newly created managed resource. ### View the discovered resource Crossplane discovers the managed resource and populates the 
@@ -229,13 +229,13 @@ status: ``` ## Control imported ObserveOnly resources - + -Crossplane can take active control of observe only imported resources by +Crossplane can take active control of observe only imported resources by changing the `managementPolicies` after import. Change the {{}}managementPolicies{{}} field -of the managed resource to +of the managed resource to {{}}["*"]{{}}. Copy any required parameter values from @@ -281,5 +281,5 @@ status: type: Synced ``` -Crossplane now fully manages the imported resource. Crossplane applies any -changes to the managed resource in the Provider's external resource. \ No newline at end of file +Crossplane now fully manages the imported resource. Crossplane applies any +changes to the managed resource in the Provider's external resource. \ No newline at end of file diff --git a/content/v1.13/concepts/composition-functions.md b/content/v1.13/concepts/composition-functions.md deleted file mode 100644 index da05b9e5d..000000000 --- a/content/v1.13/concepts/composition-functions.md +++ /dev/null 
@@ -1,1019 +0,0 @@ ---- -title: Composition Functions -state: alpha -alphaVersion: "1.11" -weight: 80 -description: "Composition Functions or XFNs allow for complex Composition patches" -aliases: - - /knowledge-base/guides/composition-functions ---- - - - -Composition Functions allow you to supplement or replace your Compositions with -advanced logic not implementable through available patching strategies. - - -You can build a Function using general-purpose programming -languages such as Go or Python, or relevant tools such as Helm, -[Kustomize](https://kustomize.io/), or -[CUE](https://cuelang.org/). - -Functions complement contemporary "Patch and Transform" (P&T) style -Composition. It's possible to use only P&T, only Functions, or a mix of both in -the same Composition. - -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: example -spec: - compositeTypeRef: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - functions: - - name: my-cool-Function - type: Container - container: - image: xpkg.upbound.io/my-cool-Function:0.1.0 -``` - -A Composition Function is a short-lived OCI container that tells Crossplane how -to reconcile a Composite Resource (XR). The preceding example shows a minimal -`Composition` that uses a Composition Function. Note that it has a `functions` -array rather than the typical P&T style array of `resources`. - -## Enabling functions - -Enable support for Composition Functions by enabling the alpha feature flag in Crossplane with `helm install --args`. - -```shell -helm install crossplane --namespace crossplane-system crossplane-stable/crossplane \ - --create-namespace \ - --set "args='{--debug,--enable-composition-functions}'" \ - --set "xfn.enabled=true" \ - --set "xfn.args='{--debug}'" -``` - -The preceding Helm command installs Crossplane with the Composition Functions -feature flag enabled, and with the reference _xfn_ Composition Function runner -deployed as a sidecar container. 
Confirm Composition Functions were enabled by -looking for a log line: - -```shell {copy-lines="1"} - kubectl -n crossplane-system logs -l app=crossplane -{"level":"info","ts":1674535093.36186,"logger":"crossplane","msg":"Alpha feature enabled","flag":"EnableAlphaCompositionFunctions"} -``` - -You should see the log line emitted shortly after Crossplane starts. - - -## Using functions - -To use Composition Functions you must: - -1. Find one or more Composition Functions, or write your own. -2. Create a `Composition` that uses your Functions. -3. Create an XR that uses your `Composition`. - -Your XRs, claims, and providers don't need to be updated or otherwise aware -of Composition Functions to use them. They need only use a `Composition` that -includes one or more entries in its `spec.functions` array. - -Composition Functions are designed to be run in a pipeline, so you can 'stack' -several of them together. Each Function is passed the output of the previous -Function as its input. Functions can also be used in conjunction with P&T -Composition (a `spec.resources` array). - -In the following example P&T Composition composes an RDS instance. A pipeline of -(hypothetical) Composition Functions then mutates the desired RDS instance by -adding a randomly generated password, and composes an RDS security group. 
- -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: example -spec: - compositeTypeRef: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - resources: - - name: rds-instance - base: - apiVersion: rds.aws.upbound.io/v1beta1 - kind: Instance - spec: - forProvider: - dbName: exmaple - instanceClass: db.t3.micro - region: us-west-2 - skipFinalSnapshot: true - username: exampleuser - engine: postgres - engineVersion: "12" - patches: - - fromFieldPath: spec.parameters.storageGB - toFieldPath: spec.forProvider.allocatedStorage - connectionDetails: - - type: FromFieldPath - name: username - fromFieldPath: spec.forProvider.username - - type: FromConnectionSecretKey - name: password - fromConnectionSecretKey: attribute.password - functions: - - name: rds-instance-password - type: Container - container: - image: xpkg.upbound.io/provider-aws-xfns/random-rds-password:v0.1.0 - - name: compose-dbsecuritygroup - type: Container - container: - image: xpkg.upbound.io/example-org/compose-rds-securitygroup:v0.9.0 -``` - - -Use `kubectl explain` to explore the configuration options available when using -Composition Functions, or take a look at the following example. - -{{< expand "View Composition Function configuration options" >}} -```shell {copy-lines="1"} -kubectl explain composition.spec.functions -KIND: Composition -VERSION: apiextensions.crossplane.io/v1 - -RESOURCE: Functions <[]Object> - -DESCRIPTION: - Functions is list of Composition Functions that will be used when a - composite resource referring to this composition is created. At least one - of resources and Functions must be specified. If both are specified the - resources will be rendered first, then passed to the Functions for further - processing. THIS IS AN ALPHA FIELD. Do not use it in production. It is not - honored unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. 
- - A Function represents a Composition Function. - -FIELDS: - config <> - Config is an optional, arbitrary Kubernetes resource (i.e. a resource with - an apiVersion and kind) that will be passed to the Composition Function as - the 'config' block of its FunctionIO. - - container - Container configuration of this Function. - - name -required- - Name of this Function. Must be unique within its Composition. - - type -required- - Type of this Function. -``` -{{< /expand >}} - -{{< expand "An example of most Composition Function configuration options" >}} -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: example -spec: - compositeTypeRef: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - functions: - - name: my-cool-Function - # Currently only Container is supported. Other types may be added in future. - type: Container - # Configuration specific to type: Container. - container: - # The OCI image to pull and run. - image: xkpg.io/my-cool-Function:0.1.0 - # Whether to pull the Function image Never, Always, or IfNotPresent. - imagePullPolicy: IfNotPresent - # Note that only resource limits are supported - not requests. - # The Function will be run with the specified resource limits, specified - # in Kubernetes-style resource.Quantity form. - resources: - limits: - # Defaults to 128Mi - memory: 64Mi - # Defaults to 100m (a 10th of a core) - cpu: 250m - # Defaults to 'Isolated' - an isolated network namespace with no network - # access. Use 'Runner' to allow a Function access to the runner's (the xfn - # container's) network namespace. - network: - policy: Runner - # How long the Function may run before it's killed. Defaults to 20s. - # Keep in mind the Function pipeline is typically invoked once every - # 30 to 60 seconds - sometimes more frequently during error conditions. - timeout: 30s - # An arbitrary Kubernetes resource. Passed to the Function as the config - # block of its FunctionIO. 
Doesn't need to exist as a Custom Resource (CR), - # since this resource doesn't exist by itself in the API server but must be - # a valid Kubernetes resource (have an apiVersion and kind). - config: - apiVersion: database.example.org/v1alpha1 - kind: Config - metadata: - name: cloudsql - spec: - version: POSTGRES_9_6 -``` -{{< /expand >}} - -Use `kubectl describe ` to debug Composition Functions. Look -for status conditions and events. Most Functions will emit events associated -with the XR if they experience issues. - -## Building a function - - Crossplane doesn't have opinions about how a Composition Function is - implemented. Functions must: - - * Be packaged as an OCI image, where the `ENTRYPOINT` is the Function. - * Accept input in the form of a `FunctionIO` document on stdin. - * Return the `FunctionIO` they were passed, optionally mutated, on stdout. - * Run within the constraints specified by the Composition that includes them, - such as timeouts, compute, network access. - -This means Functions may be written using a general-purpose programming language -like Python, Go, or TypeScript. They may also be implemented using a shell -script, or an existing tool like Helm or Kustomize. - -### FunctionIO - -When a Composition Function runner like `xfn` runs your Function it will write -`FunctionIO` to its stdin. A `FunctionIO` is a Kubernetes style YAML manifest. -It's not a custom resource (it never gets created in the API server) but it -follows Kubernetes conventions. - -A `FunctionIO` consists of: - -* An optional, arbitrary `config` object. -* The `observed` state of the XR, any existing composed resources, and their connection details. -* The `desired` state of the XR and any composed resources. -* Optional `results` of the Function pipeline. 
- -Here's a brief example of a `FunctionIO`: - -```yaml -apiVersion: apiextensions.crossplane.io/v1alpha1 -kind: FunctionIO -config: - apiVersion: database.example.org/v1alpha1 - kind: Config - metadata: - name: cloudsql - spec: - version: POSTGRES_9_6 -observed: - composite: - resource: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - metadata: - name: platform-ref-gcp-db-p9wrj - connectionDetails: - - name: privateIP - value: 10.135.0.3 - resources: - - name: db-instance - resource: - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: DatabaseInstance - metadata: - name: platform-ref-gcp-db-p9wrj-tvvtg - connectionDetails: - - name: privateIP - value: 10.135.0.3 -desired: - composite: - resource: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - metadata: - name: platform-ref-gcp-db-p9wrj - connectionDetails: - - name: privateIP - value: 10.135.0.3 - resources: - - name: db-instance - resource: - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: DatabaseInstance - metadata: - name: platform-ref-gcp-db-p9wrj-tvvtg - - name: db-user - resource: - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: User - metadata: - name: platform-ref-gcp-db-p9wrj-z8lpz - connectionDetails: - - name: password - type: FromValue - value: very-secret - readinessChecks: - - type: None -results: -- severity: Normal - message: "Successfully composed GCP SQL user" -``` - -The `config` object is copied from the `Composition`. It will match what's -passed as your Function's `config` in the `Functions` array. It must be a valid -Kubernetes object - have an `apiVersion` and `kind`. - -The `observed` state of the XR and any existing composed resources reflects the -observed state at the beginning of a reconcile, before any Composition happens. -Your Function will only see composite and composed resources that _actually -exist_ in the API server in the `observed` state. The `observed` state also -includes any observed connection details. 
Initial function invocations -might see empty connection details, but once external resources are created, -connection details will be passed to the functions. Access to the connection -details enables us to implement quite sophisticated tweaks on composed resources. - -For example, if a composition is declared on two or more resources, it is possible -to use one resource's connection details to update another. This ability is not available -with any of the available patch types available. - -The `desired` state of the XR and composed resources is how your Function tells -Crossplane what it should do. Crossplane 'bootstraps' the initial desired state -passed to a Function pipeline with: - -* A copy of the observed state of the XR. -* A copy of the observed state of any existing composed resources. -* Any new composed resources or modifications to observed resources produced - from the `resources` array. - -When adding a new desired resource to the `desired.resources` array you don't -need to: - -* Update the XR's resource references. -* Add any composition annotations like `crossplane.io/composite-resource-name`. -* Set the XR as a controller/owner reference of the desired resource. - -Crossplane will take care of all of these for you. It won't do anything else, -including setting a sensible `metadata.name` for the new composed resource - -this is up to your Function. - -Finally, the `results` array allows your Function to surface events and debug -logs on the XR. Results support the following severities: - -* `Normal` emits a debug log and a `Normal` event associated with the XR. -* `Warning` emits a debug log and a `Warning` event associated with the XR. -* `Fatal` stops the Composition process before applying any changes. - -When Crossplane encounters a `Fatal` result it will finish running the -Composition Function pipeline. Crossplane will then return an error without -applying any changes to the API server. 
Crossplane surfaces this error as a -`Warning` event, a debug log, and by setting the `Synced` status condition of -the XR to "False". - -The preceding example is heavily edited for brevity. Expand the following -example for a more detailed, realistic, and commented example of a `FunctionIO`. - -{{< expand "A more detailed example" >}} -In this example a `XPostgreSQLInstance` XR has one existing composed resource - -`db-instance`. The composition Function returns a `desired` object with one new -composed resource, a `db-user`, to tell Crossplane it should also create a -database user. - -```yaml -apiVersion: apiextensions.crossplane.io/v1alpha1 -kind: FunctionIO -config: - apiVersion: database.example.org/v1alpha1 - kind: Config - metadata: - name: cloudsql - spec: - version: POSTGRES_9_6 -observed: - # The observed state of the Composite Resource. - composite: - resource: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - metadata: - creationTimestamp: "2023-01-27T23:47:12Z" - finalizers: - - composite.apiextensions.crossplane.io - generateName: platform-ref-gcp-db- - generation: 5 - labels: - crossplane.io/claim-name: platform-ref-gcp-db - crossplane.io/claim-namespace: default - crossplane.io/composite: platform-ref-gcp-db-p9wrj - name: platform-ref-gcp-db-p9wrj - resourceVersion: "6817" - uid: 96623f41-be2e-4eda-84d4-9668b48e284d - spec: - claimRef: - apiVersion: database.example.org/v1alpha1 - kind: PostgreSQLInstance - name: platform-ref-gcp-db - namespace: default - compositionRef: - name: xpostgresqlinstances.database.example.org - compositionRevisionRef: - name: xpostgresqlinstances.database.example.org-eb6c684 - compositionUpdatePolicy: Automatic - parameters: - storageGB: 10 - resourceRefs: - - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: DatabaseInstance - name: platform-ref-gcp-db-p9wrj-tvvtg - writeConnectionSecretToRef: - name: 96623f41-be2e-4eda-84d4-9668b48e284d - namespace: upbound-system - status: - conditions: - - 
lastTransitionTime: "2023-01-27T23:47:12Z" - reason: ReconcileSuccess - status: "True" - type: Synced - - lastTransitionTime: "2023-01-28T00:09:12Z" - reason: Creating - status: "False" - type: Ready - connectionDetails: - lastPublishedTime: "2023-01-28T00:08:12Z" - # Any observed Composite Resource connection details. - connectionDetails: - - name: privateIP - value: 10.135.0.3 - # The observed state of any existing Composed Resources. - resources: - - name: db-instance - resource: - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: DatabaseInstance - metadata: - annotations: - crossplane.io/composition-resource-name: db-instance - crossplane.io/external-name: platform-ref-gcp-db-p9wrj-tvvtg - creationTimestamp: "2023-01-27T23:47:12Z" - finalizers: - - finalizer.managedresource.crossplane.io - generateName: platform-ref-gcp-db-p9wrj- - generation: 80 - labels: - crossplane.io/claim-name: platform-ref-gcp-db - crossplane.io/claim-namespace: default - crossplane.io/composite: platform-ref-gcp-db-p9wrj - name: platform-ref-gcp-db-p9wrj-tvvtg - ownerReferences: - - apiVersion: database.example.org/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: XPostgreSQLInstance - name: platform-ref-gcp-db-p9wrj - uid: 96623f41-be2e-4eda-84d4-9668b48e284d - resourceVersion: "7992" - uid: 43919834-fdce-427e-85d9-d03eab9501f1 - spec: - forProvider: - databaseVersion: POSTGRES_13 - deletionProtection: false - project: example - region: us-west2 - settings: - - diskSize: 10 - ipConfiguration: - - privateNetwork: projects/example/global/networks/platform-ref-gcp-cluster - privateNetworkRef: - name: platform-ref-gcp-cluster - tier: db-f1-micro - providerConfigRef: - name: default - writeConnectionSecretToRef: - name: 96623f41-be2e-4eda-84d4-9668b48e284d-gcp-postgresql - namespace: upbound-system - status: - atProvider: - connectionName: example:us-west2:platform-ref-gcp-db-p9wrj-tvvtg - firstIpAddress: 34.102.103.85 - id: platform-ref-gcp-db-p9wrj-tvvtg - privateIpAddress: 
10.135.0.3 - publicIpAddress: 34.102.103.85 - settings: - - version: 1 - conditions: - - lastTransitionTime: "2023-01-28T00:07:30Z" - reason: Available - status: "True" - type: Ready - - lastTransitionTime: "2023-01-27T23:47:14Z" - reason: ReconcileSuccess - status: "True" - type: Synced - # Any observed composed resource connection details. - connectionDetails: - - name: privateIP - value: 10.135.0.3 -desired: - # The observed state of the Composite Resource. - composite: - resource: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - metadata: - creationTimestamp: "2023-01-27T23:47:12Z" - finalizers: - - composite.apiextensions.crossplane.io - generateName: platform-ref-gcp-db- - generation: 5 - labels: - crossplane.io/claim-name: platform-ref-gcp-db - crossplane.io/claim-namespace: default - crossplane.io/composite: platform-ref-gcp-db-p9wrj - name: platform-ref-gcp-db-p9wrj - resourceVersion: "6817" - uid: 96623f41-be2e-4eda-84d4-9668b48e284d - spec: - claimRef: - e apiVersion: database.example.org/v1alpha1 - kind: PostgreSQLInstance - name: platform-ref-gcp-db - namespace: default - compositionRef: - name: xpostgresqlinstances.database.example.org - compositionRevisionRef: - name: xpostgresqlinstances.database.example.org-eb6c684 - compositionUpdatePolicy: Automatic - parameters: - storageGB: 10 - resourceRefs: - - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: DatabaseInstance - name: platform-ref-gcp-db-p9wrj-tvvtg - writeConnectionSecretToRef: - name: 96623f41-be2e-4eda-84d4-9668b48e284d - namespace: upbound-system - status: - conditions: - - lastTransitionTime: "2023-01-27T23:47:12Z" - reason: ReconcileSuccess - status: "True" - type: Synced - - lastTransitionTime: "2023-01-28T00:09:12Z" - reason: Creating - status: "False" - type: Ready - connectionDetails: - lastPublishedTime: "2023-01-28T00:08:12Z" - # Any desired Composite Resource connection details. 
Your Composition - # Function can add new entries to this array and Crossplane will record them - # as the XR's connection details. - connectionDetails: - - name: privateIP - value: 10.135.0.3 - # The desired composed resources. - resources: - # This db-instance matches the entry in observed. Functions must include any - # observed resources in their desired resources array. If you omit an observed - # resource from the desired resources array Crossplane will delete it. - # Crossplane will 'bootstrap' the desired state passed to the Function - # pipeline by copying all observed resources into the desired resources array. - - name: db-instance - resource: - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: DatabaseInstance - metadata: - annotations: - crossplane.io/composition-resource-name: DBInstance - crossplane.io/external-name: platform-ref-gcp-db-p9wrj-tvvtg - creationTimestamp: "2023-01-27T23:47:12Z" - finalizers: - - finalizer.managedresource.crossplane.io - generateName: platform-ref-gcp-db-p9wrj- - generation: 80 - labels: - crossplane.io/claim-name: platform-ref-gcp-db - crossplane.io/claim-namespace: default - crossplane.io/composite: platform-ref-gcp-db-p9wrj - name: platform-ref-gcp-db-p9wrj-tvvtg - ownerReferences: - - apiVersion: database.example.org/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: XPostgreSQLInstance - name: platform-ref-gcp-db-p9wrj - uid: 96623f41-be2e-4eda-84d4-9668b48e284d - resourceVersion: "7992" - uid: 43919834-fdce-427e-85d9-d03eab9501f1 - spec: - forProvider: - databaseVersion: POSTGRES_13 - deletionProtection: false - project: example - region: us-west2 - settings: - - diskSize: 10 - ipConfiguration: - - privateNetwork: projects/example/global/networks/platform-ref-gcp-cluster - privateNetworkRef: - name: platform-ref-gcp-cluster - tier: db-f1-micro - providerConfigRef: - name: default - writeConnectionSecretToRef: - name: 96623f41-be2e-4eda-84d4-9668b48e284d-gcp-postgresql - namespace: upbound-system - status: 
- atProvider: - connectionName: example:us-west2:platform-ref-gcp-db-p9wrj-tvvtg - firstIpAddress: 34.102.103.85 - id: platform-ref-gcp-db-p9wrj-tvvtg - privateIpAddress: 10.135.0.3 - publicIpAddress: 34.102.103.85 - settings: - - version: 1 - conditions: - - lastTransitionTime: "2023-01-28T00:07:30Z" - reason: Available - status: "True" - type: Ready - - lastTransitionTime: "2023-01-27T23:47:14Z" - reason: ReconcileSuccess - status: "True" - type: Synced - # This db-user is a desired composed resource that doesn't yet exist. This - # Composition Function is requesting it be created. - - name: db-user - resource: - apiVersion: sql.gcp.upbound.io/v1beta1 - kind: User - metadata: - annotations: - crossplane.io/composition-resource-name: db-user - crossplane.io/external-name: platform-ref-gcp-db-p9wrj-z8lpz - creationTimestamp: "2023-01-27T23:47:12Z" - finalizers: - - finalizer.managedresource.crossplane.io - generateName: platform-ref-gcp-db-p9wrj- - generation: 115 - labels: - crossplane.io/claim-name: platform-ref-gcp-db - crossplane.io/claim-namespace: default - crossplane.io/composite: platform-ref-gcp-db-p9wrj - name: platform-ref-gcp-db-p9wrj-z8lpz - ownerReferences: - - apiVersion: database.example.org/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: XPostgreSQLInstance - name: platform-ref-gcp-db-p9wrj - uid: 96623f41-be2e-4eda-84d4-9668b48e284d - resourceVersion: "9951" - uid: ab5dafbe-2bc8-47ea-8b5b-9bcb40183e45 - spec: - forProvider: - instance: platform-ref-gcp-db-p9wrj-tvvtg - project: example - providerConfigRef: - name: default - # Any desired connection details for the new db-user composed resource. - # Desired connection details can be FromValue, FromFieldPath, or - # FromConnectionSecretKey, just like their P&T Composition equivalents. - connectionDetails: - - name: password - type: FromValue - value: very-secret - # Any desired readiness checks for the new db-user composed resource. 
- # Desired readiness checks can be NonEmpty, MatchString, MatchInteger, or - # None, just like their P&T Composition equivalents. - readinessChecks: - - type: None -# An optional array of results. -results: -- severity: Normal - message: "Successfully composed GCP SQL user" -``` -{{< /expand >}} - -### An example Function - -You can write a Composition Function using any programming language that can be -containerized, or existing tools like Helm or Kustomize. - -Here's a Python Composition Function that doesn't create any new desired -resources, but instead annotates any existing desired resources with a quote. -Because this function accesses the internet it needs to be run with the `Runner` -network policy. - -```python -import sys - -import requests -import yaml - -ANNOTATION_KEY_AUTHOR = "quotable.io/author" -ANNOTATION_KEY_QUOTE = "quotable.io/quote" - - -def get_quote() -> tuple[str, str]: - """Get a quote from quotable.io""" - rsp = requests.get("https://api.quotable.io/random") - rsp.raise_for_status() - j = rsp.json() - return (j["author"], j["content"]) - - -def read_Functionio() -> dict: - """Read the FunctionIO from stdin.""" - return yaml.load(sys.stdin.read(), yaml.Loader) - - -def write_Functionio(Functionio: dict): - """Write the FunctionIO to stdout and exit.""" - sys.stdout.write(yaml.dump(Functionio)) - sys.exit(0) - - -def result_warning(Functionio: dict, message: str): - """Add a warning result to the supplied FunctionIO.""" - if "results" not in Functionio: - Functionio["results"] = [] - Functionio["results"].append({"severity": "Warning", "message": message}) - - -def main(): - """Annotate all desired composed resources with a quote from quotable.io""" - try: - Functionio = read_Functionio() - except yaml.parser.ParserError as err: - sys.stdout.write("cannot parse FunctionIO: {}\n".format(err)) - sys.exit(1) - - # Return early if there are no desired resources to annotate. 
- if "desired" not in Functionio or "resources" not in Functionio["desired"]: - write_Functionio(Functionio) - - # If we can't get our quote, add a warning and return early. - try: - quote, author = get_quote() - except requests.exceptions.RequestException as err: - result_warning(Functionio, "Cannot get quote: {}".format(err)) - write_Functionio(Functionio) - - # Annotate all desired resources with our quote. - for r in Functionio["desired"]["resources"]: - if "resource" not in r: - # This shouldn't happen - add a warning and continue. - result_warning( - Functionio, - "Desired resource {name} missing resource body".format( - name=r.get("name", "unknown") - ), - ) - continue - - if "metadata" not in r["resource"]: - r["resource"]["metadata"] = {} - - if "annotations" not in r["resource"]["metadata"]: - r["resource"]["metadata"]["annotations"] = {} - - if ANNOTATION_KEY_QUOTE in r["resource"]["metadata"]["annotations"]: - continue - - r["resource"]["metadata"]["annotations"][ANNOTATION_KEY_AUTHOR] = author - r["resource"]["metadata"]["annotations"][ANNOTATION_KEY_QUOTE] = quote - - write_Functionio(Functionio) - - -if __name__ == "__main__": - main() -``` - -Building this function requires its `requirements.txt` and a `Dockerfile`: - -{{< expand "The Function's requirements" >}} -```python -certifi==2022.12.7 -charset-normalizer==3.0.1 -click==8.1.3 -idna==3.4 -pathspec==0.10.3 -platformdirs==2.6.2 -PyYAML==6.0 -requests==2.28.2 -tomli==2.0.1 -urllib3==1.26.14 -``` -{{< /expand >}} - -{{< expand "The Function's Dockerfile" >}} -```Dockerfile -FROM debian:11-slim AS build -RUN apt-get update && \ - apt-get install --no-install-suggests --no-install-recommends --yes python3-venv && \ - python3 -m venv /venv && \ - /venv/bin/pip install --upgrade pip setuptools wheel - -FROM build AS build-venv -COPY requirements.txt /requirements.txt -RUN /venv/bin/pip install --disable-pip-version-check -r /requirements.txt - -FROM gcr.io/distroless/python3-debian11 -COPY 
--from=build-venv /venv /venv -COPY . /app -WORKDIR /app -ENTRYPOINT ["/venv/bin/python3", "main.py"] -``` -{{< /expand >}} - -Create and push the Function just like you would any Docker image. - -Build the function. - -```shell {copy-lines="1"} -docker build . -Sending build context to Docker daemon 38.99MB -Step 1/10 : FROM debian:11-slim AS build - ---> 4810399f6c13 -Step 2/10 : RUN apt-get update && apt-get install --no-install-suggests --no-install-recommends --yes python3-venv gcc && python3 -m venv /venv && /venv/bin/pip install --upgrade pip setuptools wheel - ---> Using cache - ---> 9b34960c88d7 -Step 3/10 : FROM build AS build-venv - ---> 9b34960c88d7 -Step 4/10 : COPY requirements.txt /requirements.txt - ---> Using cache - ---> fae19dad52af -Step 5/10 : RUN /venv/bin/pip install --disable-pip-version-check -r /requirements.txt - ---> Using cache - ---> f4b811c75812 -Step 6/10 : FROM gcr.io/distroless/python3-debian11 - ---> 2a0e74a2b005 -Step 7/10 : COPY --from=build-venv /venv /venv - ---> Using cache - ---> cf727d3f20d3 -Step 8/10 : COPY . /app - ---> a044aef45e32 -Step 9/10 : WORKDIR /app - ---> Running in d08a6144815b -Removing intermediate container d08a6144815b - ---> 7250f5aa653e -Step 10/10 : ENTRYPOINT ["/venv/bin/python3", "main.py"] - ---> Running in 3f4d9dc55bad -Removing intermediate container 3f4d9dc55bad - ---> bfd2f920c591 -Successfully built bfd2f920c591 -``` - -Tag the function. -```shell -docker tag bfd2f920c591 example-org/xfn-quotable-simple:v0.1.0 -``` - -Push the function. 
- -```shell {copy-lines="1"} -docker push xpkg.upbound.io/example-org/xfn-quotable-simple:v0.1.0 -The push refers to repository [xpkg.upbound.io/example-org/xfn-quotable-simple] -cf6d94b88843: Pushed -77646fd315d2: Mounted from example-org/xfn-quotable -50630ee42b6e: Mounted from example-org/xfn-quotable -7e2cf97ed8c4: Mounted from example-org/xfn-quotable -96e320b34b54: Mounted from example-org/xfn-quotable -fba4381f2bb7: Mounted from example-org/xfn-quotable -v0.1.0: digest: sha256:d8a6404e5fe38936aa8dadd861fea35ede0aded6168d501052f91cdabab0135e size: 1584 -``` - -You can now use this Function in your Composition. The following example will -create an `RDSInstance` using P&T Composition, then run the Function to annotate -it with a quote. - -```yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: example -spec: - compositeTypeRef: - apiVersion: database.example.org/v1alpha1 - kind: XPostgreSQLInstance - resources: - - name: rds-instance - base: - apiVersion: rds.aws.upbound.io/v1beta1 - kind: Instance - spec: - forProvider: - dbName: example - instanceClass: db.t3.micro - region: us-west-2 - skipFinalSnapshot: true - username: exampleuser - engine: postgres - engineVersion: "12" - patches: - - fromFieldPath: spec.parameters.storageGB - toFieldPath: spec.forProvider.allocatedStorage - connectionDetails: - - type: FromFieldPath - name: username - fromFieldPath: spec.forProvider.username - - type: FromConnectionSecretKey - name: password - fromConnectionSecretKey: attribute.password - functions: - - name: quotable - type: Container - container: - image: xpkg.upbound.io/example-org/xfn-quotable-simple:v0.1.0 - network: - policy: Runner -``` - -### Tips for new functions - -Here are some things to keep in mind when building a Composition Function: - -* Your Function may be running as part of a pipeline. This means your Function - _must_ pass through any desired state that it's unconcerned with. 
If your - Function is passed a desired composed resource and doesn't return that - composed resource in its output, it will be deleted. Crossplane considers the - desired state of the XR and any composed resources to be whatever `FunctionIO` - is returned by the last Function in the pipeline. -* Crossplane won't set a `metadata.name` for your desired resources resources. - It's a good practice to match P&T Composition's behavior by setting - `metadata.generateName: "name-of-the-xr-"` for any new desired resources. -* Don't add new entries to the desired resources array every time your function - is invoked. Remember to check whether your desired resource is already in the - `observed` and/or `desired` objects. You may need to update it rather than - create it. -* Don't bypass providers. Composition Functions are designed to tell Crossplane - how to orchestrate managed resources - not to directly orchestrate external - systems. -* Include your function name and version in any results you return to aid in - debugging. -* Write tests for your function. Pass it a `FunctionIO` on stdin in and ensure - it returns the expected `FunctionIO` on stdout. -* Keep your Functions fast and lightweight. Remember that Crossplane runs them - approximately once every 30-60 seconds. - -## The xfn runner - -Composition Function runners are designed to be pluggable. Each time Crossplane -needs to invoke a Composition Function it makes a gRPC call to a configurable -endpoint. The default, reference Composition Function runner is named `xfn`. - -{{< hint "note" >}} -The default runner endpoint is `unix-abstract:crossplane/fn/default.sock`. 
It's -possible to run Functions using a different endpoint, for example: - -```yaml - functions: - - name: my-cool-Function - type: Container - container: - image: xkpg.io/my-cool-Function:0.1.0 - runner: - endpoint: unix-abstract:/your/custom/runner.sock -``` - -Currently Crossplane uses unauthenticated, unencrypted gRPC requests to run -Functions, so requests shouldn't be sent over the network. Encryption and -authentication will be added in a future release. -{{< /hint >}} - -`xfn` runs as a sidecar container within the Crossplane pod. It runs each -Composition Function as a nested [rootless container][rootless-containers]. - -{{< img src="media/composition-functions-xfn-runner.png" alt="Crossplane running Functions using xfn via gRPC" size="tiny" >}} - -The Crossplane Helm chart deploys `xfn` with: - -* The [`Unconfined` seccomp profile][kubernetes-seccomp]. -* The `CAP_SETUID` and `CAP_SETGID` capabilities. - -The `Unconfined` seccomp profile allows Crossplane to make required syscalls -such as `unshare` and `mount` that are not allowed by most `RuntimeDefault` -profiles. It's possible to run `xfn` with nearly the same restrictions as most -`RuntimeDefault` profiles by authoring a custom `Localhost` profile. Refer to -the [seccomp documentation][kubernetes-seccomp] for information on how to do so. - -Granting `CAP_SETUID` and `CAP_SETGID` allows `xfn` to create Function -containers that support up to 65,536 UIDs and GIDs. If `xfn` is run without -these capabilities it will be restricted to creating Function containers that -support only UID and GID 0. - -Regardless of capabilities `xfn` always runs each Composition Function as an -unprivileged user. That user will appear to be root inside the Composition -Function container thanks to [`user_namespaces(7)`]. 
- -[rootless-containers]: https://rootlesscontaine.rs -[kubernetes-seccomp]: https://kubernetes.io/docs/tutorials/security/seccomp/ -[`user_namespaces(7)`]: https://man7.org/linux/man-pages/man7/user_namespaces.7.html diff --git a/content/v1.13/concepts/packages.md b/content/v1.13/concepts/packages.md deleted file mode 100644 index 3bd1f527d..000000000 --- a/content/v1.13/concepts/packages.md +++ /dev/null 
@@ -1,513 +0,0 @@ ---- -title: Crossplane Packages -weight: 104 -description: "Packages combine multiple Crossplane resources into a single, portable, OCI image." ---- - - -Crossplane packages are opinionated [OCI images] that contain a stream of YAML -that can be parsed by the Crossplane package manager. Crossplane packages come -in two varieties: [Providers] and Configurations. Ultimately, the primary -purposes of Crossplane packages are as follows: - -- **Convenient Distribution**: Crossplane packages can be pushed to or installed - from any OCI-compatible registry. -- **Version Upgrade**: Crossplane can update packages in-place, meaning that you - can pick up support for new resource types or controller bug-fixes without - modifying your existing infrastructure. -- **Permissions**: Crossplane allocates permissions to packaged controllers in a - manner that ensures they will not maliciously take over control of existing - resources owned by other packages. Installing CRDs via packages also allows - Crossplane itself to manage those resources, allowing for powerful - [composition] features to be enabled. -- **Dependency Management**: Crossplane resolves dependencies between packages, - automatically installing a package's dependencies if they are not present in - the cluster, and checking if dependency versions are valid if they are already - installed. 
- -## Table of Contents - -The following packaging operations are covered in detail below: - -- [Table of Contents](#table-of-contents) -- [Building a Package](#building-a-package) - - [Provider Packages](#provider-packages) - - [Configuration Packages](#configuration-packages) -- [Pushing a Package](#pushing-a-package) -- [Installing a Package](#installing-a-package) - - [spec.package](#specpackage) - - [spec.packagePullPolicy](#specpackagepullpolicy) - - [spec.revisionActivationPolicy](#specrevisionactivationpolicy) - - [spec.revisionHistoryLimit](#specrevisionhistorylimit) - - [spec.packagePullSecrets](#specpackagepullsecrets) - - [spec.skipDependencyResolution](#specskipdependencyresolution) - - [spec.ignoreCrossplaneConstraints](#specignorecrossplaneconstraints) - - [spec.controllerConfigRef](#speccontrollerconfigref) -- [Upgrading a Package](#upgrading-a-package) - - [Package Upgrade Issues](#package-upgrade-issues) -- [The Package Cache](#the-package-cache) - - [Pre-Populating the Package Cache](#pre-populating-the-package-cache) - -## Building a Package - -As stated above, Crossplane packages are just opinionated OCI images, meaning -they can be constructed using any tool that outputs files that comply the the -OCI specification. However, constructing packages using the Crossplane CLI is a -more streamlined experience, as it will perform build-time checks on your -packages to ensure that they are compliant with the Crossplane [package format]. - -Providers and Configurations vary in the types of resources they may contain in -their packages. All packages must have a `crossplane.yaml` file in the root -directory with package contents. The `crossplane.yaml` contains the package's -metadata, which governs how Crossplane will install the package. 
- -### Provider Packages - -A Provider package contains a `crossplane.yaml` with the following format: - -```yaml -apiVersion: meta.pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-gcp -spec: - crossplane: - version: ">=v1.0.0" - controller: - image: crossplane/provider-gcp-controller:v0.14.0 - permissionRequests: - - apiGroups: - - apiextensions.crossplane.io - resources: - - compositions - verbs: - - get - - list - - create - - update - - patch - - watch -``` - -See all available fields in the [official documentation][provider-docs]. - -> Note: The `meta.pkg.crossplane.io` group does not contain custom resources -> that may be installed into the cluster. They are strictly used as metadata in -> a Crossplane package. - -A Provider package may optionally contain one or more CRDs. These CRDs will be -installed prior to the creation of the Provider's `Deployment`. Crossplane will -not install _any_ CRDs for a package unless it can determine that _all_ CRDs can -be installed. This guards against multiple Providers attempting to reconcile the -same CRDs. Crossplane will also create a `ServiceAccount` with permissions to -reconcile these CRDs and it will be assigned to the controller `Deployment`. - -The `spec.controller.image` fields specifies that the `Provider` desires for the -controller `Deployment` to be created with the provided image. It is important -to note that this image is separate from the package image itself. In the case -above, it is an image containing the `provider-gcp` controller binary. - -The `spec.controller.permissionRequests` field allows a package author to -request additional RBAC for the packaged controller. The controller's -`ServiceAccount` will automatically give the controller permission to reconcile -all types that its package installs, as well as `Secrets`, `ConfigMaps`, and -`Events`. Any additional permissions must be explicitly requested. 
- -> Note that the Crossplane RBAC manager can be configured to reject permissions -> for certain API groups. If a package requests permissions that Crossplane is -> configured to reject, the package will fail to be installed. -> Authorized permissions should be aggregated to the rbac manager clusterrole -> (the cluster role defined by the provider-clusterrole flag in the rbac manager) -> by using the label `rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true"` - -The `spec.crossplane.version` field specifies the version constraints for core -Crossplane that the `Provider` is compatible with. It is advisable to use this -field if a package relies on specific features in a minimum version of -Crossplane. - -> All version constraints used in packages follow the [specification] outlined -> in the `Masterminds/semver` repository. - -For an example Provider package, see [provider-gcp]. - -To build a Provider package, navigate to the package root directory and execute -the following command: - -``` -crossplane build provider -``` - -If the Provider package is valid, you will see a file with the `.xpkg` -extension. - -> Note that the Crossplane CLI will not follow symbolic links for files in the -> root package directory. - -### Configuration Packages - -A Configuration package contains a `crossplane.yaml` with the following format: - -```yaml -apiVersion: meta.pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: my-org-infra -spec: - crossplane: - version: ">=v1.0.0" - dependsOn: - - provider: xpkg.upbound.io/crossplane-contrib/provider-gcp - version: ">=v0.14.0" -``` - -See all available fields in the [official documentation][configuration-docs]. - -A Configuration package may also specify one or more of -`CompositeResourceDefinition` and `Composition` types. These resources will be -installed and will be solely owned by the Configuration package. No other -package will be able to modify them. 
- -The `spec.crossplane.version` field serves the same purpose that it does in a -`Provider` package. - -The `spec.dependsOn` field specifies packages that this package depends on. When -installed, the package manager will ensure that all dependencies are present and -have a valid version given the constraint. If a dependency is not installed, the -package manager will install it at the latest version that fits within the -provided constraints. - -> Dependency resolution is a `beta` feature and depends on the `v1beta1` -> [`Lock` API][lock-api]. - -For an example Configuration package, see [getting-started-with-gcp](https://github.com/crossplane/docs/tree/master/content/media/snippets/package/gcp). - -To build a Configuration package, navigate to the package root directory and -execute the following command: - -``` -crossplane build configuration -``` - -If the Provider package is valid, you will see a file with the `.xpkg` -extension. - -## Pushing a Package - -Crossplane packages can be pushed to any OCI-compatible registry. If a specific -registry is not specified they will be pushed to Docker Hub. - -To push a Provider package, execute the following command: - -``` -crossplane push provider xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.22.0 -``` - -To push a Configuration package, execute the following command: - -``` -crossplane push configuration xpkg.upbound.io/crossplane-contrib/my-org-infra:v0.1.0 -``` - -> Note: Both of the above commands assume a single `.xpkg` file exists in the -> directory. If multiple exist or you would like to specify a package in a -> different directory, you can supply the `-f` flag with the path to the -> package. - -## Installing a Package - -Packages can be installed into a Crossplane cluster using the Crossplane CLI. 
- -To install a Provider package, execute the following command: - -``` -crossplane install provider xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.22.0 -``` - -To install a Configuration package, execute the following command: - -``` -crossplane install configuration xpkg.upbound.io/crossplane-contrib/my-org-infra:v0.1.0 -``` - -Packages can also be installed manually by creating a `Provider` or -`Configuration` object directly. The preceding commands would result in the -creation of the following two resources, which could have been authored by hand: - -```yaml -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-gcp -spec: - package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.22.0 - packagePullPolicy: IfNotPresent - revisionActivationPolicy: Automatic - revisionHistoryLimit: 1 -``` - -```yaml -apiVersion: pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: my-org-infra -spec: - package: xpkg.upbound.io/crossplane-contrib/my-org-infra:v0.1.0 - packagePullPolicy: IfNotPresent - revisionActivationPolicy: Automatic - revisionHistoryLimit: 1 -``` - -> Note: These types differ from the `Provider` and `Configuration` types we saw -> earlier. They exist in the `pkg.crossplane.io` group rather than the -> `meta.pkg.crossplane.io` group and are actual custom resources created in the -> cluster. - -The default fields specified above can be configured with different values to -modify the installation and upgrade behavior of a package. In addition, there -are multiple other fields which can further customize how the package manager -handles a specific revision. - -### spec.package - -This is the package image that we built, pushed, and are asking Crossplane to -install. The tag we specify here is important. Crossplane will periodically -check if the installed image matches the digest of the image in the remote -registry. 
If it does not, Crossplane will create a new _Revision_ (either -`ProviderRevision` or `ConfigurationRevision`). If you do not wish Crossplane to -ever update your packages without explicitly instructing it to do so, you should -consider specifying a tag which you know will not have the underlying contents -change unexpectedly (e.g. a specific semantic version, such as `v0.1.0`) or, for -an even stronger guarantee, providing the image with a `@sha256` extension -instead of a tag. - -### spec.packagePullPolicy - -Valid values: `IfNotPresent`, `Always`, or `Never` (default: `IfNotPresent`) - -When a package is installed, Crossplane downloads the image contents into a -cache. Depending on the image identifier (tag or digest) and the -`packagePullPolicy`, the Crossplane package manager will decide if and when to -check and see if newer package contents are available. The following table -describes expected behavior based on the supplied fields: - -| | `IfNotPresent` | `Always` | `Never` | -|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| -| Semver Tag (e.g. `v1.3.0`) | Package is downloaded when initially installed, and as long as it is present in the cache, it will not be downloaded again. 
If the cache is lost and the a new version of the package image has been pushed for the same tag, package could inadvertently be upgraded.

**Upgrade Safety: Strong** | Package is downloaded when initially installed, but Crossplane will check every minute if new content is available. New content would have to be pushed for the same semver tag for upgrade to take place.

**Upgrade Safety: Weak** | Crossplane will never download content. Must manually load package image in cache.

**Upgrade Safety: Strongest** | -| Digest (e.g. `@sha256:28b6...`) | Package is downloaded when initially installed, and as long as it is present in the cache, it will not be downloaded again. If the cache is lost but an image with this digest is still available, it will be downloaded again. The package will never be upgraded without a user changing the digest.

**Upgrade Safety: Very Strong** | Package is downloaded when initially installed, but Crossplane will check every minute if new content is available. Because image digest is used, new content will never be downloaded.

**Upgrade Safety: Strong** | Crossplane will never download content. Must manually load package image in cache.

**Upgrade Safety: Strongest** | -| Channel Tag (e.g. `latest`) | Package is downloaded when initially installed, and as long as it is present in the cache, it will not be downloaded again. If the cache is lost, the latest version of this package image will be downloaded again, which will frequently have different contents.

**Upgrade Safety: Weak** | Package is downloaded when initially installed, but Crossplane will check every minute if new content is available. When the image content is new, Crossplane will download the new contents and create a new revision.

**Upgrade Safety: Very Weak** | Crossplane will never download content. Must manually load package image in cache.

**Upgrade Safety: Strongest** | - -### spec.revisionActivationPolicy - -Valid values: `Automatic` or `Manual` (default: `Automatic`) - -When Crossplane downloads new contents for a package, regardless of whether it -was a manual upgrade (i.e. user updating package image tag), or an automatic one -(enabled by the `packagePullPolicy`), it will create a new package revision. -However, the new objects and / or controllers will not be installed until the -new revision is marked as `Active`. This activation process is configured by the -`revisionActivationPolicy` field. - -An `Active` package revision attempts to become the _controller_ of all -resources it installs. There can only be one controller of a resource, so if two -`Active` revisions both install the same resource, one will fail to install -until the other cedes control. - -An `Inactive` package revision attempts to become the _owner_ of all resources -it installs. There can be an arbitrary number of owners of a resource, so -multiple `Inactive` revisions and a single `Active` revision can exist for a -resource. Importantly, an `Inactive` package revision will not perform any -auxiliary actions (such as creating a `Deployment` in the case of a `Provider`), -meaning we will not encounter a situation where two revisions are fighting over -reconciling a resource. - -With `revisionActivationPolicy: Automatic`, Crossplane will mark any new -revision as `Active` when it is created, as well as transition any old revisions -to `Inactive`. When `revisionActivationPolicy: Manual`, the user must manually -edit a new revision and mark it as `Active`. This can be useful if you are using -a `packagePullPolicy: Automatic` with a channel tag (e.g. `latest`) and you want -Crossplane to create new revisions when a new version is available, but you -don't want to automatically update to that newer revision. 
- -It is recommended for most users to use semver tags or image digests and -manually update their packages, but use a `revisionActivationPolicy: Automatic` -to avoid having to manually activate new versions. However, each user should -consider their specific environment and choose a combination that makes sense -for them. - -For security reasons, it's suggested using image digests instead or alongside -tags (`vx.y.z@sha256:...`), to ensure that the package content wasn't tampered -with. - -### spec.revisionHistoryLimit - -Valid values: any integer, disabled by explicitly setting to `0` (default `1`) - -When a revision transitions from `Inactive` to `Active`, its revision number -gets set to one greater than the largest revision number of all revisions for -its package. Therefore, as the number of revisions increases, the least recently -`Active` revision will have the lowest revision number. Crossplane will garbage -collect old `Inactive` revisions if they fall outside the -`spec.revisionHistoryLimit`. For instance, if my revision history limit is `3` -and I currently have three old `Inactive` revisions and one `Active` revision, -when I upgrade the next time, the new revision will be given the highest -revision number when it becomes `Active`, the previously `Active` revision will -become `Inactive`, and the oldest `Inactive` revision will be garbage collected. - -> Note: In the case that `spec.revisionActivationPolicy: Manual` and you upgrade -> enough times (but do not make `Active` the new revisions), it is possible that -> activating a newer revision could cause the previously `Active` revision to -> immediately be garbage collected if it is outside the -> `spec.revisionHistoryLimit`. 
- -### spec.packagePullSecrets - -Valid values: slice of `Secret` names (secrets must exist in `namespace` -Crossplane was installed in, typically `crossplane-system`) - -This field allows a user to provide credentials required to pull a package from -a private repository on a registry. The credentials are passed along to a -packaged controller if the package is a `Provider`, but are not passed along to -any dependencies. - -### spec.skipDependencyResolution - -Valid values: `true` or `false` (default: `false`) - -If `skipDependencyResolution: true`, the package manager will install a package -without considering its dependencies. - -### spec.ignoreCrossplaneConstraints - -Valid values: `true` or `false` (default: `false`) - -If `ignoreCrossplaneConstraints: true`, the package manager will install a -package without considering the version of Crossplane that is installed. - -### spec.controllerConfigRef - -{{< hint "warning" >}} -The `ControllerConfig` API has been deprecated and will be removed in a future -release when a comparable alternative is available. -{{< /hint >}} - -Valid values: name of a `ControllerConfig` object - -Packaged `Provider` controllers are installed in the form of a `Deployment`. -Crossplane populates the `Deployment` with default values that may not be -appropriate for every use-case. In the event that a user wants to override some -of the defaults that Crossplane has set, they may create and reference a -`ControllerConfig`. - -An example of when this may be useful is when a user is running Crossplane on -EKS and wants to take advantage of [IAM Roles for Service Accounts]. This -requires setting an `fsGroup` and annotating the `ServiceAccount` that -Crossplane creates for the controller. 
This could be accomplished with the -following `ControllerConfig` and `Provider`: - -```yaml -apiVersion: pkg.crossplane.io/v1alpha1 -kind: ControllerConfig -metadata: - name: aws-config - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::$AWS_ACCOUNT_ID\:role/$IAM_ROLE_NAME -spec: - podSecurityContext: - fsGroup: 2000 ---- -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0 - controllerConfigRef: - name: aws-config -``` - -You can find all configurable values in the [official `ControllerConfig` -documentation][controller-config-docs]. - -## Upgrading a Package - -Upgrading a `Provider` or `Configuration` to a new version can be accomplished -by editing the existing manifest and applying it with a new version tag in -`spec.package`. Crossplane will observe the updated manifest and create a new -`ProviderRevision` or `ConfigurationRevision` for the specified version. The new -revision will be activated in accordance with `spec.revisionActivationPolicy`. - -### Package Upgrade Issues - -Upgrading a package can require manual intervention in the event that the -previous version of the package supported a version of a custom resource that -has been dropped and replaced by a new version in the new package revision. -Kubernetes does not allow for applying a `CustomResourceDefinition` (CRD) that -drops a version in the `spec` that is in the current `status.storedVersions` -list, meaning that a revision cannot update and become the _controller_ of all -of its resources. - -This situation can be remedied by manually deleting the offending CRD and -letting the new revision re-create it. In the event that custom resources exist -for the given CRD, they must be deleted before the CRD can be removed. - -## The Package Cache - -When a package is installed into a cluster, Crossplane fetches the package image -and stores its contents in a dedicated package cache. 
By default, this cache is -backed by an [`emptyDir` Volume][emptyDir-volume], meaning that all cached data -is lost when a `Pod` restarts. Users who wish for cache contents to be persisted -between `Pod` restarts may opt to instead use a [`persistentVolumeClaim` -(PVC)][pvc] by setting the `packageCache.pvc` Helm chart parameter to the name -of the PVC. - -### Pre-Populating the Package Cache - -Because the package cache can be backed by any storage medium, users are able to -optionally to pre-populate the cache with images that are not present on an -external [OCI registry]. To utilize a package that has been manually stored in -the cache, users must specify the name of the package in `spec.package` and use -`packagePullPolicy: Never`. For instance, if a user built a `Configuration` -package named `mycoolpkg.xpkg` and loaded it into the volume that was to be used -for the package cache (i.e. copied the `.xpkg` file into the storage medium -backing the PVC), the package could be utilized with the following manifest: - -```yaml -apiVersion: pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: my-cool-pkg -spec: - package: mycoolpkg - packagePullPolicy: Never -``` - -Importantly, as long as a package is being used as the `spec.package` of a -`Configuration` or `Provider`, it must remain in the cache. For this reason, it -is recommended that users opt for a durable storage medium when manually loading -packages into the cache. - -In addition, if manually loading a `Provider` package into the cache, users must -ensure that the controller image that it references is able to be pulled by the -cluster nodes. This can be accomplished either by pushing it to a registry, or -by [pre-pulling images] onto nodes in the cluster. 
- - - - -[OCI images]: https://github.com/opencontainers/image-spec -[Providers]: {{}} -[provider-docs]: https://doc.crds.dev/github.com/crossplane/crossplane/meta.pkg.crossplane.io/Provider/v1 -[configuration-docs]: https://doc.crds.dev/github.com/crossplane/crossplane/meta.pkg.crossplane.io/Configuration/v1 -[lock-api]: https://doc.crds.dev/github.com/crossplane/crossplane/pkg.crossplane.io/Lock/v1beta1 -[specification]: https://github.com/Masterminds/semver#basic-comparisons -[composition]: {{}} -[IAM Roles for Service Accounts]: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html -[controller-config-docs]: https://doc.crds.dev/github.com/crossplane/crossplane/pkg.crossplane.io/ControllerConfig/v1alpha1 -[package format]: https://github.com/crossplane/crossplane/blob/1aa83092172bdf0d2ed64754d33517c612ff7368/design/one-pager-package-format-v2.md -[provider-gcp]: https://doc.crds.dev/github.com/crossplane/crossplane/meta.pkg.crossplane.io/Provider/v1 -[emptyDir-volume]: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -[pvc]: https://kubernetes.io/docs/concepts/storage/volumes/#persistentvolumeclaim -[OCI registry]: https://github.com/opencontainers/distribution-spec -[pre-pulling images]: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images diff --git a/content/v1.13/concepts/providers.md b/content/v1.13/concepts/providers.md deleted file mode 100644 index c02b019e0..000000000 --- a/content/v1.13/concepts/providers.md +++ /dev/null 
@@ -1,447 +0,0 @@ ---- -title: Providers -weight: 5 -description: "Providers connect Crossplane to external APIs" ---- - -Providers enable Crossplane to provision infrastructure on an -external service. Providers create new Kubernetes APIs and map them to external -APIs. - -Providers are responsible for all aspects of connecting to non-Kubernetes -resources. This includes authentication, making external API calls and -providing -[Kubernetes Controller](https://kubernetes.io/docs/concepts/architecture/controller/) -logic for any external resources. - -Examples of providers include: - -* [Provider AWS](https://github.com/upbound/provider-aws) -* [Provider Azure](https://github.com/upbound/provider-azure) -* [Provider GCP](https://github.com/upbound/provider-gcp) -* [Provider Kubernetes](https://github.com/crossplane-contrib/provider-kubernetes) - -{{< hint "tip" >}} -Find more providers in the [Upbound Marketplace](https://marketplace.upbound.io). -{{< /hint >}} - - - -Providers define every external resource they can create in Kubernetes as a -Kubernetes API endpoint. These endpoints are -[_Managed Resources_]({{}}). - - -{{< hint "note" >}} -Instructions on building your own Provider are outside of the scope of this -document. Read the Crossplane contributing [Provider Development Guide](https://github.com/crossplane/crossplane/blob/master/contributing/guide-provider-development.md) -for more information. -{{< /hint >}} - -## Install a Provider - -Installing a provider creates new Kubernetes resources representing the -Provider's APIs. Installing a provider also creates a Provider pod that's -responsible for reconciling the Provider's APIs into the Kubernetes cluster. -Providers constantly watch the state of the desired managed resources and create -any external resources that are missing. - -Install a Provider with a Crossplane -{{}}Provider{{}} object setting the -{{}}spec.package{{}} value to the -location of the provider package. 
- -For example, to install the -[AWS Community Provider](https://github.com/crossplane-contrib/provider-aws), - -```yaml {label="install"} -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0 -``` - -{{< hint "tip" >}} -Providers are Crossplane Packages. Read more about Packages in the -[Packages documentation]({{}}). -{{< /hint >}} - -By default, the Provider pod installs in the same namespace as Crossplane -(`crossplane-system`). - -### Install with Helm - -Crossplane supports installing Providers during an initial Crossplane -installation with the Crossplane Helm chart. - -Use the -{{}}--set provider.packages{{}} -argument with `helm install`. - -For example, to install the AWS Community Provider, - -```shell {label="helm"} -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace \ ---set provider.packages='{xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0}' -``` - -### Install from a private repository - -Installing a Provider from a private package repository requires a -Kubernetes secret object. The Provider uses the secret with the -{{}}packagePullSecrets{{}} option. - -```yaml {label="pps"} -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: private-provider -spec: - package: private-repo.example.org/providers/my-provider - packagePullSecrets: - - name: my-secret -``` - -{{< hint "note" >}} -The Kubernetes secret object the Provider uses must be in the same namespace as -the Crossplane pod. -{{< /hint >}} - -## Upgrade a Provider - -To upgrade an existing Provider edit the installed Provider Package by either -applying a new Provider manifest or with `kubectl edit providers`. - -Update the version number in the Provider's `spec.package` and apply the change. -Crossplane installs the new image and creates a new `ProviderRevision`. 
- -## Remove a Provider - -Remove a Provider by deleting the Provider object with `kubectl delete -provider`. - -{{< hint "warning" >}} -Removing a Provider without first removing the Provider's managed resources -may abandon the resources. The external resources aren't deleted. - -If you remove the Provider first, you must manually delete external resources -through your cloud provider. Managed resources must be manually deleted by -removing their finalizers. - -For more information on deleting abandoned resources read the [Crossplane troubleshooting guide]({{}}). -{{< /hint >}} - -## Verify a Provider - -Providers install their own APIs representing the managed resources they support. -Providers may also create Deployments, Service Accounts or RBAC configuration. - -View the status of a Provider with - -`kubectl get providers` - -During the install a Provider report `INSTALLED` as `True` and `HEALTHY` as -`Unknown`. - -```shell {copy-lines="1"} -kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -crossplane-contrib-provider-aws True Unknown xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0 63s -``` - -After the Provider install completes and it's ready for use the `HEALTHY` status -reports `True`. - -```shell {copy-lines="1"} -kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -crossplane-contrib-provider-aws True True xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0 88s -``` - -{{}} -Some Providers install hundreds of Kubernetes Custom Resource Definitions (`CRDs`). -This can create significant strain on undersized API Servers, impacting Provider -install times. - -The Crossplane community has more -[details on scaling CRDs](https://github.com/crossplane/crossplane/blob/master/design/one-pager-crd-scaling.md). -{{< /hint >}} - -### Provider conditions - -Crossplane uses a standard set of `Conditions` for Providers. -View the conditions of a provider under their `Status` with -`kubectl describe provider`. 
- -```yaml -kubectl describe provider -Name: my-provider -API Version: pkg.crossplane.io/v1 -Kind: Provider -# Removed for brevity -Status: - Conditions: - Reason: HealthyPackageRevision - Status: True - Type: Healthy - Reason: ActivePackageRevision - Status: True - Type: Installed -# Removed for brevity -``` - -#### Types - -Provider `Conditions` support two `Types`: - -* `Type: Installed` - the Provider package installed but isn't ready for use. -* `Type: Healthy` - The Provider package is ready to use. - -#### Reasons - -Each `Reason` relates to a specific `Type` and `Status`. Crossplane uses the -following `Reasons` for Provider `Conditions`. - - -##### InactivePackageRevision - -`Reason: InactivePackageRevision` indicates the Provider Package is using an -inactive Provider Package Revision. - - -```yaml -Type: Installed -Status: False -Reason: InactivePackageRevision -``` - - -##### ActivePackageRevision - -The Provider Package is the current Package Revision, but Crossplane hasn't -finished installing the Package Revision yet. - -{{< hint "tip" >}} -Providers stuck in this state are because of a problem with Package Revisions. - -Use `kubectl describe providerrevisions` for more details. -{{< /hint >}} - -```yaml -Type: Installed -Status: True -Reason: ActivePackageRevision -``` - - -##### HealthyPackageRevision - -The Provider is fully installed and ready to use. - -{{}} -`Reason: HealthyPackageRevision` is the normal state of a working Provider. -{{< /hint >}} - - -```yaml -Type: Healthy -Status: True -Reason: HealthyPackageRevision -``` - - -##### UnhealthyPackageRevision - - -There was an error installing the Provider Package Revision, preventing -Crossplane from installing the Provider Package. - -{{}} -Use `kubectl describe providerrevisions` for more details on why the Package -Revision failed. 
-{{< /hint >}} - -```yaml -Type: Healthy -Status: False -Reason: UnhealthyPackageRevision -``` - -##### UnknownPackageRevisionHealth - - -The status of the Provider Package Revision is `Unknown`. The Provider Package -Revision may be installing or has an issue. - -{{}} -Use `kubectl describe providerrevisions` for more details on why the Package -Revision failed. -{{< /hint >}} - -```yaml -Type: Healthy -Status: Unknown -Reason: UnknownPackageRevisionHealth -``` - -## Configure a Provider - -Providers have two different types of configurations: - -* _Controller configurations_ that change the settings of the Provider pod - running inside the Kubernetes cluster. For example, Pod `toleration`. -* _Provider configurations_ that change settings used when communicating with - an external provider. For example, cloud provider authentication. - -{{}} -Apply `ControllerConfig` objects to Providers. - -Apply `ProviderConfig` objects to managed resources. -{{< /hint >}} - -### Controller configuration - -{{< hint "important" >}} -The Crossplane community deprecated the `ControllerConfig` type in v1.11 to -indicate that no further enhancements will be made to it. -Applying a Controller configuration generates a deprecation warning. - -Controller configurations are still supported until there is a replacement type -in a future Crossplane version. You can read more about the design of -[Package Runtime Config](https://github.com/crossplane/crossplane/blob/master/design/one-pager-package-runtime-config.md) -which will replace it in the future. -{{< /hint >}} - -Applying a Crossplane `ControllerConfig` to a Provider changes the settings of -the Provider's pod. The -[Crossplane ControllerConfig schema](https://doc.crds.dev/github.com/crossplane/crossplane/pkg.crossplane.io/ControllerConfig/v1alpha1) -defines the supported set of ControllerConfig settings. - -The most common use case for ControllerConfigs are providing `args` to a -Provider's pod enabling optional services. 
For example, enabling -[external secret stores]({{< ref "../guides/vault-as-secret-store#enable-external-secret-stores-in-the-provider" >}}) -for a Provider. - -Each Provider determines their supported set of `args`. - -### Provider configuration - -The `ProviderConfig` determines settings the Provider uses communicating to the -external provider. Each Provider determines available settings of their -`ProviderConfig`. - - - -Provider authentication is usually configured with a `ProviderConfig`. For -example, to use basic key-pair authentication with Provider AWS a -{{}}ProviderConfig{{}} -{{}}spec{{}} -defines the -{{}}credentials{{}} and that -the Provider pod should look in the Kubernetes -{{}}Secrets{{}} objects and use -the key named -{{}}aws-creds{{}}. - -```yaml {label="providerconfig"} -apiVersion: aws.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - name: aws-provider -spec: - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: aws-creds - key: creds -``` - -{{< hint "important" >}} -Authentication configuration may be different across Providers. - -Read the documentation on a specific Provider for instructions on configuring -authentication for that Provider. -{{< /hint >}} - - - -ProviderConfig objects apply to individual Managed Resources. A single -Provider can authenticate with multiple users or accounts through -ProviderConfigs. - - -Each account's credentials tie to a unique ProviderConfig. When creating a -managed resource, attach the desired ProviderConfig. - -For example, two AWS ProviderConfigs, named -{{}}user-keys{{}} and -{{}}admin-keys{{}} -use different Kubernetes secrets. 
- -```yaml {label="user"} -apiVersion: aws.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - name: user-keys -spec: - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: my-key - key: secret-key -``` - -```yaml {label="admin"} -apiVersion: aws.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - name: admin-keys -spec: - credentials: - source: Secret - secretRef: - namespace: crossplane-system - name: admin-key - key: admin-secret-key -``` - -Apply the ProviderConfig when creating a managed resource. - -This creates an AWS {{}}Bucket{{< /hover >}} -resource using the -{{}}user-keys{{< /hover >}} ProviderConfig. - -```yaml {label="user-bucket"} -apiVersion: s3.aws.upbound.io/v1beta1 -kind: Bucket -metadata: - name: user-bucket -spec: - forProvider: - region: us-east-2 - providerConfigRef: - name: user-keys -``` - -This creates a second {{}}Bucket{{< /hover >}} -resource using the -{{}}admin-keys{{< /hover >}} ProviderConfig. - -```yaml {label="admin-bucket"} -apiVersion: s3.aws.upbound.io/v1beta1 -kind: Bucket -metadata: - name: user-bucket -spec: - forProvider: - region: us-east-2 - providerConfigRef: - name: admin-keys -``` diff --git a/content/v1.13/software/upgrade.md b/content/v1.13/software/upgrade.md deleted file mode 100644 index 345d817a6..000000000 --- a/content/v1.13/software/upgrade.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: Upgrade Crossplane -weight: 200 -draft: true ---- - -Install, Uninstall, Upgrade diff --git a/content/v1.14/getting-started/install-crossplane-include.md b/content/v1.14/getting-started/install-crossplane-include.md index 0d88a6cb8..ee71baa4d 100644 --- a/content/v1.14/getting-started/install-crossplane-include.md +++ b/content/v1.14/getting-started/install-crossplane-include.md 
@@ -5,7 +5,7 @@ searchExclude: true ## Install Crossplane -Crossplane installs into an existing Kubernetes cluster. +Crossplane installs into an existing Kubernetes cluster. {{< hint type="tip" >}} If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/). @@ -930,7 +930,7 @@ spec: serviceAccountName: crossplane hostNetwork: false initContainers: - - image: "crossplane/crossplane:v1.13.0" + - image: "crossplane/crossplane:v1.14.0" args: - core - init @@ -978,7 +978,7 @@ spec: - name: "WEBHOOK_SERVICE_PORT" value: "9443" containers: - - image: "crossplane/crossplane:v1.13.0" + - image: "crossplane/crossplane:v1.14.0" args: - core - start @@ -1086,7 +1086,7 @@ spec: {} serviceAccountName: rbac-manager initContainers: - - image: "crossplane/crossplane:v1.13.0" + - image: "crossplane/crossplane:v1.14.0" args: - rbac - init @@ -1116,7 +1116,7 @@ spec: containerName: crossplane-init resource: limits.memory containers: - - image: "crossplane/crossplane:v1.13.0" + - image: "crossplane/crossplane:v1.14.0" args: - rbac - start @@ -1180,7 +1180,7 @@ crossplane-d4cd8d784-ldcgb 1/1 Running 0 54s crossplane-rbac-manager-84769b574-6mw6f 1/1 Running 0 54s ``` -Installing Crossplane creates new Kubernetes API end-points. +Installing Crossplane creates new Kubernetes API end-points. Look at the new API end-points with `kubectl api-resources | grep crossplane`. ```shell {label="grep",copy-lines="1"} diff --git a/content/v1.14/guides/import-existing-resources.md b/content/v1.14/guides/import-existing-resources.md index 6df790c95..88b36e231 100644 --- a/content/v1.14/guides/import-existing-resources.md +++ b/content/v1.14/guides/import-existing-resources.md 
@@ -5,7 +5,7 @@ weight: 200 If you have resources that are already provisioned in a Provider, you can import them as managed resources and let Crossplane manage them. -A managed resource's [`managementPolicies`]({{}}) +A managed resource's [`managementPolicies`]({{}}) field enables importing external resources into Crossplane. Crossplane can import resources either [manually]({{}}) @@ -14,17 +14,17 @@ or [automatically]({{}}). ## Import resources manually Crossplane can discover and import existing Provider resources by matching the -`crossplane.io/external-name` annotation in a managed resource. +`crossplane.io/external-name` annotation in a managed resource. To import an existing external resource in a Provider, create a new managed resource with the `crossplane.io/external-name` annotation. Set the annotation value to the name of the resource in the Provider. -For example, to import an existing GCP Network named +For example, to import an existing GCP Network named {{}}my-existing-network{{}}, -create a new managed resource and use the +create a new managed resource and use the {{}}my-existing-network{{}} in the -annotation. +annotation. ```yaml {label="annotation",copy-lines="none"} apiVersion: compute.gcp.crossplane.io/v1beta1 @@ -34,14 +34,14 @@ metadata: crossplane.io/external-name: my-existing-network ``` -The {{}}metadata.name{{}} -field can be anything you want. For example, -{{}}imported-network{{}}. +The {{}}metadata.name{{}} +field can be anything you want. For example, +{{}}imported-network{{}}. {{< hint "note" >}} -This name is the +This name is the name of the Kubernetes object. It's not related to the resource name inside the -Provider. +Provider. {{< /hint >}} ```yaml {label="name",copy-lines="none"} 
@@ -53,15 +53,15 @@ metadata: crossplane.io/external-name: my-existing-network ``` -Leave the -{{}}spec.forProvider{{}} field empty. -Crossplane imports the settings and automatically applies them to the managed -resource. +Leave the +{{}}spec.forProvider{{}} field empty. +Crossplane imports the settings and automatically applies them to the managed +resource. {{< hint "important" >}} -If the managed resource has _required_ fields in the +If the managed resource has _required_ fields in the {{}}spec.forProvider{{}} you must add it to -the `forProvider` field. +the `forProvider` field. The values of those fields must match what's inside the Provider or Crossplane overwrites the existing values. @@ -82,17 +82,17 @@ spec: Crossplane now controls and manages this imported resource. Any changes to the managed resource `spec` changes the external resource. -## Import resources automatically +## Import resources automatically -Automatically import external resources with an `Observe` [management policy]({{}}). +Automatically import external resources with an `Observe` [management policy]({{}}). Crossplane imports observe only resources but never changes or deletes the resources. {{}} -The managed resource `managementPolicies` option is a beta feature. +The managed resource `managementPolicies` option is a beta feature. -The Provider determines support for management policies. +The Provider determines support for management policies. Refer to the Provider's documentation to see if the Provider supports management policies. {{< /hint >}} 
@@ -101,15 +101,15 @@ management policies. ### Apply the Observe management policy -Create a new managed resource matching the -{{}}apiVersion{{}} and +Create a new managed resource matching the +{{}}apiVersion{{}} and {{}}kind{{}} of the resource to import and add -{{}}managementPolicies: ["Observe"]{{}} to the +{{}}managementPolicies: ["Observe"]{{}} to the {{}}spec{{}} For example, to import a GCP SQL DatabaseInstance, create a new resource with -the {{}}managementPolicies: ["Observe"]{{}} +the {{}}managementPolicies: ["Observe"]{{}} set. ```yaml {label="oo-policy",copy-lines="none"} apiVersion: sql.gcp.upbound.io/v1beta1 @@ -119,14 +119,14 @@ spec: ``` ### Add the external-name annotation -Add the {{}}crossplane.io/external-name{{}} +Add the {{}}crossplane.io/external-name{{}} annotation for the resource. This name must match the name inside the Provider. -For example, for a GCP database named +For example, for a GCP database named {{}}my-external-database{{}}, apply -the -{{}}crossplane.io/external-name{{}} -annotation with the value +the +{{}}crossplane.io/external-name{{}} +annotation with the value {{}}my-external-database{{}}. ```yaml {label="oo-ex-name",copy-lines="none"} @@ -140,10 +140,10 @@ spec: ``` ### Create a Kubernetes object name -Create a {{}}name{{}} to use for the -Kubernetes object. +Create a {{}}name{{}} to use for the +Kubernetes object. -For example, name the Kubernetes object +For example, name the Kubernetes object {{}}my-imported-database{{}}. ```yaml {label="oo-name",copy-lines="none"} 
@@ -159,11 +159,11 @@ spec: ### Identify a specific external resource If more than one resource inside the Provider shares the same name, identify the -specific resource with a unique -{{}}spec.forProvider{{}} field. +specific resource with a unique +{{}}spec.forProvider{{}} field. -For example, only import the GCP SQL database in the -{{}}us-central1{{}} region. +For example, only import the GCP SQL database in the +{{}}us-central1{{}} region. ```yaml {label="oo-region"} apiVersion: sql.gcp.upbound.io/v1beta1 @@ -181,7 +181,7 @@ spec: ### Apply the managed resource Apply the new managed resource. Crossplane syncs the status of the external -resource in the cloud with the newly created managed resource. +resource in the cloud with the newly created managed resource. ### View the discovered resource Crossplane discovers the managed resource and populates the @@ -229,13 +229,13 @@ status: ``` ## Control imported ObserveOnly resources - + -Crossplane can take active control of observe only imported resources by +Crossplane can take active control of observe only imported resources by changing the `managementPolicies` after import. Change the {{}}managementPolicies{{}} field -of the managed resource to +of the managed resource to {{}}["*"]{{}}. Copy any required parameter values from @@ -281,5 +281,5 @@ status: type: Synced ``` -Crossplane now fully manages the imported resource. Crossplane applies any -changes to the managed resource in the Provider's external resource. \ No newline at end of file +Crossplane now fully manages the imported resource. Crossplane applies any +changes to the managed resource in the Provider's external resource. \ No newline at end of file diff --git a/content/v1.15/guides/import-existing-resources.md b/content/v1.15/guides/import-existing-resources.md index 6df790c95..922eaf98c 100644 --- a/content/v1.15/guides/import-existing-resources.md +++ b/content/v1.15/guides/import-existing-resources.md 
@@ -5,7 +5,7 @@ weight: 200 If you have resources that are already provisioned in a Provider, you can import them as managed resources and let Crossplane manage them. -A managed resource's [`managementPolicies`]({{}}) +A managed resource's [`managementPolicies`]({{}}) field enables importing external resources into Crossplane. Crossplane can import resources either [manually]({{}}) @@ -14,17 +14,17 @@ or [automatically]({{}}). ## Import resources manually Crossplane can discover and import existing Provider resources by matching the -`crossplane.io/external-name` annotation in a managed resource. +`crossplane.io/external-name` annotation in a managed resource. To import an existing external resource in a Provider, create a new managed resource with the `crossplane.io/external-name` annotation. Set the annotation value to the name of the resource in the Provider. -For example, to import an existing GCP Network named +For example, to import an existing GCP Network named {{}}my-existing-network{{}}, -create a new managed resource and use the +create a new managed resource and use the {{}}my-existing-network{{}} in the -annotation. +annotation. ```yaml {label="annotation",copy-lines="none"} apiVersion: compute.gcp.crossplane.io/v1beta1 @@ -34,14 +34,14 @@ metadata: crossplane.io/external-name: my-existing-network ``` -The {{}}metadata.name{{}} -field can be anything you want. For example, -{{}}imported-network{{}}. +The {{}}metadata.name{{}} +field can be anything you want. For example, +{{}}imported-network{{}}. {{< hint "note" >}} -This name is the +This name is the name of the Kubernetes object. It's not related to the resource name inside the -Provider. +Provider. {{< /hint >}} ```yaml {label="name",copy-lines="none"} 
@@ -53,15 +53,15 @@ metadata: crossplane.io/external-name: my-existing-network ``` -Leave the -{{}}spec.forProvider{{}} field empty. -Crossplane imports the settings and automatically applies them to the managed -resource. +Leave the +{{}}spec.forProvider{{}} field empty. +Crossplane imports the settings and automatically applies them to the managed +resource. {{< hint "important" >}} -If the managed resource has _required_ fields in the +If the managed resource has _required_ fields in the {{}}spec.forProvider{{}} you must add it to -the `forProvider` field. +the `forProvider` field. The values of those fields must match what's inside the Provider or Crossplane overwrites the existing values. @@ -82,17 +82,17 @@ spec: Crossplane now controls and manages this imported resource. Any changes to the managed resource `spec` changes the external resource. -## Import resources automatically +## Import resources automatically -Automatically import external resources with an `Observe` [management policy]({{}}). +Automatically import external resources with an `Observe` [management policy]({{}}). Crossplane imports observe only resources but never changes or deletes the resources. {{}} -The managed resource `managementPolicies` option is a beta feature. +The managed resource `managementPolicies` option is a beta feature. -The Provider determines support for management policies. +The Provider determines support for management policies. Refer to the Provider's documentation to see if the Provider supports management policies. {{< /hint >}} 
@@ -101,15 +101,15 @@ management policies. ### Apply the Observe management policy -Create a new managed resource matching the -{{}}apiVersion{{}} and +Create a new managed resource matching the +{{}}apiVersion{{}} and {{}}kind{{}} of the resource to import and add -{{}}managementPolicies: ["Observe"]{{}} to the +{{}}managementPolicies: ["Observe"]{{}} to the {{}}spec{{}} For example, to import a GCP SQL DatabaseInstance, create a new resource with -the {{}}managementPolicies: ["Observe"]{{}} +the {{}}managementPolicies: ["Observe"]{{}} set. ```yaml {label="oo-policy",copy-lines="none"} apiVersion: sql.gcp.upbound.io/v1beta1 @@ -119,14 +119,14 @@ spec: ``` ### Add the external-name annotation -Add the {{}}crossplane.io/external-name{{}} +Add the {{}}crossplane.io/external-name{{}} annotation for the resource. This name must match the name inside the Provider. -For example, for a GCP database named +For example, for a GCP database named {{}}my-external-database{{}}, apply -the -{{}}crossplane.io/external-name{{}} -annotation with the value +the +{{}}crossplane.io/external-name{{}} +annotation with the value {{}}my-external-database{{}}. ```yaml {label="oo-ex-name",copy-lines="none"} @@ -140,10 +140,10 @@ spec: ``` ### Create a Kubernetes object name -Create a {{}}name{{}} to use for the -Kubernetes object. +Create a {{}}name{{}} to use for the +Kubernetes object. -For example, name the Kubernetes object +For example, name the Kubernetes object {{}}my-imported-database{{}}. ```yaml {label="oo-name",copy-lines="none"} 
@@ -159,11 +159,11 @@ spec: ### Identify a specific external resource If more than one resource inside the Provider shares the same name, identify the -specific resource with a unique -{{}}spec.forProvider{{}} field. +specific resource with a unique +{{}}spec.forProvider{{}} field. -For example, only import the GCP SQL database in the -{{}}us-central1{{}} region. +For example, only import the GCP SQL database in the +{{}}us-central1{{}} region. ```yaml {label="oo-region"} apiVersion: sql.gcp.upbound.io/v1beta1 @@ -181,7 +181,7 @@ spec: ### Apply the managed resource Apply the new managed resource. Crossplane syncs the status of the external -resource in the cloud with the newly created managed resource. +resource in the cloud with the newly created managed resource. ### View the discovered resource Crossplane discovers the managed resource and populates the @@ -229,13 +229,13 @@ status: ``` ## Control imported ObserveOnly resources - + -Crossplane can take active control of observe only imported resources by +Crossplane can take active control of observe only imported resources by changing the `managementPolicies` after import. Change the {{}}managementPolicies{{}} field -of the managed resource to +of the managed resource to {{}}["*"]{{}}. Copy any required parameter values from @@ -281,5 +281,5 @@ status: type: Synced ``` -Crossplane now fully manages the imported resource. Crossplane applies any -changes to the managed resource in the Provider's external resource. \ No newline at end of file +Crossplane now fully manages the imported resource. Crossplane applies any +changes to the managed resource in the Provider's external resource. \ No newline at end of file diff --git a/content/v1.13/_index.md b/content/v1.16/_index.md similarity index 81% rename from content/v1.13/_index.md rename to content/v1.16/_index.md index 530364b6a..79fef6bcc 100644 --- a/content/v1.13/_index.md +++ b/content/v1.16/_index.md 
@@ -2,20 +2,20 @@ title: "Overview" weight: -1 cascade: - version: "1.13" + version: "1.16" --- {{< img src="/media/banner.png" alt="Crossplane Popsicle Truck" size="large" >}}
-Crossplane is an open source Kubernetes extension that transforms your Kubernetes -cluster into a **universal control plane**. +Crossplane is an open source Kubernetes extension that transforms your Kubernetes +cluster into a **universal control plane**. Crossplane lets you manage anything, anywhere, all through standard Kubernetes -APIs. Crossplane can even let you -[order a pizza](https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/) -directly from Kubernetes. If it has an API, Crossplane can connect to it. +APIs. Crossplane can even let you +[order a pizza](https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/) +directly from Kubernetes. If it has an API, Crossplane can connect to it. With Crossplane, platform teams can create new abstractions and custom APIs with the full power of Kubernetes policies, namespaces, role based access @@ -28,21 +28,21 @@ developers. A single API call can create multiple resources, in multiple clouds and use Kubernetes as the control plane for everything. {{< hint "tip" >}} -**What's a control plane?** +**What's a control plane?** Control planes create and manage the lifecycle of resources. Control planes constantly _check_ that the intended resources exist, _report_ when the intended -state doesn't match reality and _act_ to make things right. +state doesn't match reality and _act_ to make things right. Crossplane extends the Kubernetes control plane to be a **universal control -plane** to check, report and act on any resource, anywhere. +plane** to check, report and act on any resource, anywhere. {{< /hint >}} # Get started * [Install Crossplane]({{}}) in your Kubernetes cluster -* Learn more about how Crossplane works in the +* Learn more about how Crossplane works in the [Crossplane introduction]({{}}) * Join the [Crossplane Slack](https://slack.crossplane.io/) and start a conversation with a community of over 7,000 operators. 
diff --git a/content/v1.16/api/_index.md b/content/v1.16/api/_index.md new file mode 100644 index 000000000..6075e613f --- /dev/null +++ b/content/v1.16/api/_index.md @@ -0,0 +1,13 @@ +--- +title: API Reference +weight: 400 +description: "API details for Crossplane's core types" +cascade: + product: crds +--- + +The Crossplane API describes the types and parameters for the core Crossplane +components. + +For details on the components read the [Concepts]({{}}) +section. \ No newline at end of file diff --git a/content/v1.16/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/v1.16/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml new file mode 100644 index 000000000..99c507489 --- /dev/null +++ b/content/v1.16/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml 
@@ -0,0 +1,563 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: compositeresourcedefinitions.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: CompositeResourceDefinition + listKind: CompositeResourceDefinitionList + plural: compositeresourcedefinitions + shortNames: + - xrd + - xrds + singular: compositeresourcedefinition + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Established')].status + name: ESTABLISHED + type: string + - jsonPath: .status.conditions[?(@.type=='Offered')].status + name: OFFERED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A CompositeResourceDefinition defines the schema for a new custom Kubernetes + API. + + + Read the Crossplane documentation for + [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CompositeResourceDefinitionSpec specifies the desired state + of the definition. 
+ properties: + claimNames: + description: |- + ClaimNames specifies the names of an optional composite resource claim. + When claim names are specified Crossplane will create a namespaced + 'composite resource claim' CRD that corresponds to the defined composite + resource. This composite resource claim acts as a namespaced proxy for + the composite resource; creating, updating, or deleting the claim will + create, update, or delete a corresponding composite resource. You may add + claim names to an existing CompositeResourceDefinition, but they cannot + be changed or removed once they have been set. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. 
+ type: string + required: + - kind + - plural + type: object + connectionSecretKeys: + description: |- + ConnectionSecretKeys is the list of keys that will be exposed to the end + user of the defined kind. + If the list is empty, all keys will be published. + items: + type: string + type: array + conversion: + description: Conversion defines all conversion settings for the defined + Composite resource. + properties: + strategy: + description: |- + strategy specifies how custom resources are converted between versions. Allowed values are: + - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. + - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information + is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. + type: string + webhook: + description: webhook describes how to call the conversion webhook. + Required when `strategy` is set to `"Webhook"`. + properties: + clientConfig: + description: clientConfig is the instructions for how to call + the webhook if strategy is `Webhook`. + properties: + caBundle: + description: |- + caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. + If unspecified, system trust roots on the apiserver are used. + format: byte + type: string + service: + description: |- + service is a reference to the service for this webhook. Either + service or url must be specified. + + + If the webhook is running within the cluster, then you should use `service`. + properties: + name: + description: |- + name is the name of the service. + Required + type: string + namespace: + description: |- + namespace is the namespace of the service. + Required + type: string + path: + description: path is an optional URL path at which + the webhook will be contacted. 
+ type: string + port: + description: |- + port is an optional service port at which the webhook will be contacted. + `port` should be a valid port number (1-65535, inclusive). + Defaults to 443 for backward compatibility. + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: |- + url gives the location of the webhook, in standard URL form + (`scheme://host:port/path`). Exactly one of `url` or `service` + must be specified. + + + The `host` should not refer to a service running in the cluster; use + the `service` field instead. The host might be resolved via external + DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + in-cluster DNS as that would be a layering violation). `host` may + also be an IP address. + + + Please note that using `localhost` or `127.0.0.1` as a `host` is + risky unless you take great care to run this webhook on all hosts + which run an apiserver which might need to make calls to this + webhook. Such installs are likely to be non-portable, i.e., not easy + to turn up in a new cluster. + + + The scheme must be "https"; the URL must begin with "https://". + + + A path is optional, and if present may be any string permissible in + a URL. You may use the path to pass an arbitrary string to the + webhook, for example, a cluster identifier. + + + Attempting to use a user or basic auth e.g. "user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed, either. + type: string + type: object + conversionReviewVersions: + description: |- + conversionReviewVersions is an ordered list of preferred `ConversionReview` + versions the Webhook expects. The API server will use the first version in + the list which it supports. If none of the versions specified in this list + are supported by API server, conversion will fail for the custom resource. 
+ If a persisted Webhook configuration specifies allowed versions and does not + include any versions known to the API Server, calls to the webhook will fail. + items: + type: string + type: array + required: + - conversionReviewVersions + type: object + required: + - strategy + type: object + defaultCompositeDeletePolicy: + default: Background + description: |- + DefaultCompositeDeletePolicy is the policy used when deleting the Composite + that is associated with the Claim if no policy has been specified. + enum: + - Background + - Foreground + type: string + defaultCompositionRef: + description: |- + DefaultCompositionRef refers to the Composition resource that will be used + in case no composition selector is given. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + defaultCompositionUpdatePolicy: + default: Automatic + description: |- + DefaultCompositionUpdatePolicy is the policy used when updating composites after a new + Composition Revision has been created if no policy has been specified on the composite. + enum: + - Automatic + - Manual + type: string + enforcedCompositionRef: + description: |- + EnforcedCompositionRef refers to the Composition resource that will be used + by all composite instances whose schema is defined by this definition. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + group: + description: |- + Group specifies the API group of the defined composite resource. + Composite resources are served under `/apis//...`. Must match the + name of the XRD (in the form `.`). + type: string + metadata: + description: Metadata specifies the desired metadata for the defined + composite resource and claim CRD's. 
+ properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + and services. + These labels are added to the composite resource and claim CRD's in addition + to any labels defined by `CompositionResourceDefinition` `metadata.labels`. + type: object + type: object + names: + description: |- + Names specifies the resource and kind names of the defined composite + resource. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. 
+ type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + versions: + description: |- + Versions is the list of all API versions of the defined composite + resource. Version names are used to compute the order in which served + versions are listed in API discovery. If the version string is + "kube-like", it will sort above non "kube-like" version strings, which + are ordered lexicographically. "Kube-like" versions start with a "v", + then are followed by a number (the major version), then optionally the + string "alpha" or "beta" and another number (the minor version). These + are sorted first by GA > beta > alpha (where GA is a version with no + suffix such as beta or alpha), and then by comparing major version, then + minor version. An example sorted list of versions: v10, v2, v1, v11beta2, + v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + items: + description: CompositeResourceDefinitionVersion describes a version + of an XR. + properties: + additionalPrinterColumns: + description: |- + AdditionalPrinterColumns specifies additional columns returned in Table + output. If no columns are specified, a single column displaying the age + of the custom resource is used. See the following link for details: + https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables + items: + description: CustomResourceColumnDefinition specifies a column + for server side printing. + properties: + description: + description: description is a human readable description + of this column. 
+ type: string + format: + description: |- + format is an optional OpenAPI type definition for this column. The 'name' format is applied + to the primary identifier column to assist in clients identifying column is the resource name. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + jsonPath: + description: |- + jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against + each custom resource to produce the value for this column. + type: string + name: + description: name is a human readable name for the column. + type: string + priority: + description: |- + priority is an integer defining the relative importance of this column compared to others. Lower + numbers are considered higher priority. Columns that may be omitted in limited space scenarios + should be given a priority greater than 0. + format: int32 + type: integer + type: + description: |- + type is an OpenAPI type definition for this column. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + required: + - jsonPath + - name + - type + type: object + type: array + deprecated: + description: |- + The deprecated field specifies that this version is deprecated and should + not be used. + type: boolean + deprecationWarning: + description: |- + DeprecationWarning specifies the message that should be shown to the user + when using this version. + maxLength: 256 + type: string + name: + description: |- + Name of this version, e.g. β€œv1”, β€œv2beta1”, etc. Composite resources are + served under this version at `/apis///...` if `served` is + true. + type: string + referenceable: + description: |- + Referenceable specifies that this version may be referenced by a + Composition in order to configure which resources an XR may be composed + of. 
Exactly one version must be marked as referenceable; all Compositions + must target only the referenceable version. The referenceable version + must be served. It's mapped to the CRD's `spec.versions[*].storage` field. + type: boolean + schema: + description: |- + Schema describes the schema used for validation, pruning, and defaulting + of this version of the defined composite resource. Fields required by all + composite resources will be injected into this schema automatically, and + will override equivalently named fields in this schema. Omitting this + schema results in a schema that contains only the fields required by all + composite resources. + properties: + openAPIV3Schema: + description: |- + OpenAPIV3Schema is the OpenAPI v3 schema to use for validation and + pruning. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: + description: Served specifies that this version should be served + via REST APIs. + type: boolean + required: + - name + - referenceable + - served + type: object + type: array + required: + - group + - names + - versions + type: object + status: + description: CompositeResourceDefinitionStatus shows the observed state + of the definition. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllers: + description: |- + Controllers represents the status of the controllers that power this + composite resource definition. + properties: + compositeResourceClaimType: + description: |- + The CompositeResourceClaimTypeRef is the type of composite resource claim + that Crossplane is currently reconciling for this definition. Its version + will eventually become consistent with the definition's referenceable + version. Note that clients may interact with any served type; this is + simply the type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + compositeResourceType: + description: |- + The CompositeResourceTypeRef is the type of composite resource that + Crossplane is currently reconciling for this definition. Its version will + eventually become consistent with the definition's referenceable version. + Note that clients may interact with any served type; this is simply the + type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. 
+ type: string + required: + - apiVersion + - kind + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/v1.16/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml new file mode 100644 index 000000000..3c4b7db94 --- /dev/null +++ b/content/v1.16/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml 
@@ -0,0 +1,3285 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: compositionrevisions.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: CompositionRevision + listKind: CompositionRevisionList + plural: compositionrevisions + shortNames: + - comprev + singular: compositionrevision + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.compositeTypeRef.kind + name: XR-KIND + type: string + - jsonPath: .spec.compositeTypeRef.apiVersion + name: XR-APIVERSION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A CompositionRevision represents a revision of a Composition. Crossplane + creates new revisions when there are changes to the Composition. + + + Crossplane creates and manages CompositionRevisions. Don't directly edit + CompositionRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CompositionRevisionSpec specifies the desired state of the composition + revision. 
+ properties: + compositeTypeRef: + description: |- + CompositeTypeRef specifies the type of composite resource that this + composition is compatible with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + environment: + description: |- + Environment configures the environment in which resources are rendered. + + + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + properties: + defaultData: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + DefaultData statically defines the initial state of the environment. + It has the same schema-less structure as the data field in + environment configs. + It is overwritten by the selected environment configs. + type: object + environmentConfigs: + description: |- + EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved + resources are stored in the composite resource at + `spec.environmentConfigRefs` and is only updated if it is null. + + + The list of references is used to compute an in-memory environment at + compose time. The data of all object is merged in the order they are + listed, meaning the values of EnvironmentConfigs with a larger index take + priority over ones with smaller indices. + + + The computed environment can be accessed in a composition using + `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches. + items: + description: EnvironmentSource selects a EnvironmentConfig resource. + properties: + ref: + description: |- + Ref is a named reference to a single EnvironmentConfig. + Either Ref or Selector is required. + properties: + name: + description: The name of the object. 
+ type: string + required: + - name + type: object + selector: + description: Selector selects EnvironmentConfig(s) via labels. + properties: + matchLabels: + description: MatchLabels ensures an object with matching + labels is selected. + items: + description: |- + An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but + can draw the label value from a different path. + properties: + fromFieldPathPolicy: + default: Required + description: |- + FromFieldPathPolicy specifies the policy for the valueFromFieldPath. + The default is Required, meaning that an error will be returned if the + field is not found in the composite resource. + Optional means that if the field is not found in the composite resource, + that label pair will just be skipped. N.B. other specified label + matchers will still be used to retrieve the desired + environment config, if any. + enum: + - Optional + - Required + type: string + key: + description: Key of the label to match. + type: string + type: + default: FromCompositeFieldPath + description: Type specifies where the value for + a label comes from. + enum: + - FromCompositeFieldPath + - Value + type: string + value: + description: Value specifies a literal label value. + type: string + valueFromFieldPath: + description: ValueFromFieldPath specifies the + field path to look for the label value. + type: string + required: + - key + type: object + type: array + maxMatch: + description: MaxMatch specifies the number of extracted + EnvironmentConfigs in Multiple mode, extracts all + if nil. + format: int64 + type: integer + minMatch: + description: MinMatch specifies the required minimum + of extracted EnvironmentConfigs in Multiple mode. + format: int64 + type: integer + mode: + default: Single + description: 'Mode specifies retrieval strategy: "Single" + or "Multiple".' 
+ enum: + - Single + - Multiple + type: string + sortByFieldPath: + default: metadata.name + description: SortByFieldPath is the path to the field + based on which list of EnvironmentConfigs is alphabetically + sorted. + type: string + type: object + type: + default: Reference + description: |- + Type specifies the way the EnvironmentConfig is selected. + Default is `Reference` + enum: + - Reference + - Selector + type: string + type: object + type: array + patches: + description: |- + Patches is a list of environment patches that are executed before a + composition's resources are composed. + items: + description: EnvironmentPatch is a patch for a Composition environment. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite or + CombineToComposite patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. 
+ type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath or + ToCompositeFieldPath. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options on + a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). 
+ Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the given + map and returns the value. + type: object + match: + description: Match is a more complex version of Map + that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as result + of the transform if the pattern matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. 
+ + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. 
+ type: string + join: + description: Join defines parameters to join a + slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input using + a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from the + input + type: string + type: + default: Format + description: Type of the string transform to be + run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - ToCompositeFieldPath + - CombineFromComposite + - CombineToComposite + type: string + type: object + type: array + policy: + description: |- + Policy represents the Resolve and Resolution policies which apply to + all EnvironmentSourceReferences in EnvironmentConfigs list. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + mode: + default: Resources + description: |- + Mode controls what type or "mode" of Composition will be used. + + + "Resources" (the default) indicates that a Composition uses what is + commonly referred to as "Patch & Transform" or P&T composition. This mode + of Composition uses an array of resources, each a template for a composed + resource. + + + "Pipeline" indicates that a Composition specifies a pipeline + of Composition Functions, each of which is responsible for producing + composed resources that Crossplane should create or update. THE PIPELINE + MODE IS A BETA FEATURE. It is not honored if the relevant Crossplane + feature flag is disabled. + enum: + - Resources + - Pipeline + type: string + patchSets: + description: |- + PatchSets define a named set of patches that may be included by any + resource in this Composition. PatchSets cannot themselves refer to other + PatchSets. + + + PatchSets are only used by the "Resources" mode of Composition. They + are ignored by other modes. + items: + description: |- + A PatchSet is a set of patches that can be reused from all resources within + a Composition. + properties: + name: + description: Name of this PatchSet. + type: string + patches: + description: Patches will be applied as an overlay to the base + resource. + items: + description: |- + Patch objects are applied between composite and composed resources. Their + behaviour depends on the Type selected. The default Type, + FromCompositeFieldPath, copies a value from the composite resource to + the composed resource, applying any defined transformers. 
+ properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite, + CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. + type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath, + FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath. + type: string + patchSetName: + description: PatchSetName to include patches from. Required + when type is PatchSet. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. 
The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options + on a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. 
+ enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the + given map and returns the value. + type: object + match: + description: Match is a more complex version of + Map that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as + result of the transform if the pattern + matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. 
+ enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join + a slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. 
+ type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input + using a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from + the input + type: string + type: + default: Format + description: Type of the string transform to + be run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - FromEnvironmentFieldPath + - PatchSet + - ToCompositeFieldPath + - ToEnvironmentFieldPath + - CombineFromEnvironment + - CombineFromComposite + - CombineToComposite + - CombineToEnvironment + type: string + type: object + type: array + required: + - name + - patches + type: object + type: array + pipeline: + description: |- + Pipeline is a list of composition function steps that will be used when a + composite resource referring to this composition is created. One of + resources and pipeline must be specified - you cannot specify both. + + + The Pipeline is only used by the "Pipeline" mode of Composition. It is + ignored by other modes. + + + THIS IS A BETA FIELD. It is not honored if the relevant Crossplane + feature flag is disabled. + items: + description: A PipelineStep in a Composition Function pipeline. 
+ properties: + credentials: + description: Credentials are optional credentials that the Composition + Function needs. + items: + description: |- + FunctionCredentials are optional credentials that a Composition Function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the Composition Function this step should + execute. + properties: + name: + description: Name of the referenced Function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the Composition + Function as the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + type: array + publishConnectionDetailsWithStoreConfigRef: + default: + name: default + description: |- + PublishConnectionDetailsWithStoreConfig specifies the secret store config + with which the connection details of composite resources dynamically + provisioned using this composition will be published. + + + THIS IS AN ALPHA FIELD. Do not use it in production. 
It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + properties: + name: + description: Name of the referenced StoreConfig. + type: string + required: + - name + type: object + resources: + description: |- + Resources is a list of resource templates that will be used when a + composite resource referring to this composition is created. + + + Resources are only used by the "Resources" mode of Composition. They are + ignored by other modes. + items: + description: |- + ComposedTemplate is used to provide information about how the composed resource + should be processed. + properties: + base: + description: Base is the target resource that the patches will + be applied on. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + connectionDetails: + description: |- + ConnectionDetails lists the propagation secret keys from this target + resource to the composition instance connection secret. + items: + description: |- + ConnectionDetail includes the information about the propagation of the connection + information from one secret to another. + properties: + fromConnectionSecretKey: + description: |- + FromConnectionSecretKey is the key that will be used to fetch the value + from the composed resource's connection secret. + type: string + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the composed resource whose + value to be used as input. Name must be specified if the type is + FromFieldPath. + type: string + name: + description: |- + Name of the connection secret key that will be propagated to the + connection secret of the composition instance. Leave empty if you'd like + to use the same key name. + type: string + type: + description: |- + Type sets the connection detail fetching behaviour to be used. Each + connection detail type may require its own fields to be set on the + ConnectionDetail object. 
If the type is omitted Crossplane will attempt + to infer it based on which other fields were specified. If multiple + fields are specified the order of precedence is: + 1. FromValue + 2. FromConnectionSecretKey + 3. FromFieldPath + enum: + - FromConnectionSecretKey + - FromFieldPath + - FromValue + type: string + value: + description: |- + Value that will be propagated to the connection secret of the composite + resource. May be set to inject a fixed, non-sensitive connection secret + value, for example a well-known port. + type: string + type: object + type: array + name: + description: |- + A Name uniquely identifies this entry within its Composition's resources + array. Names are optional but *strongly* recommended. When all entries in + the resources array are named entries may added, deleted, and reordered + as long as their names do not change. When entries are not named the + length and order of the resources array should be treated as immutable. + Either all or no entries must be named. + type: string + patches: + description: Patches will be applied as overlay to the base + resource. + items: + description: |- + Patch objects are applied between composite and composed resources. Their + behaviour depends on the Type selected. The default Type, + FromCompositeFieldPath, copies a value from the composite resource to + the composed resource, applying any defined transformers. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite, + CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. 
+ properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. + type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath, + FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath. + type: string + patchSetName: + description: PatchSetName to include patches from. Required + when type is PatchSet. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options + on a field path. 
+ properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the + given map and returns the value. + type: object + match: + description: Match is a more complex version of + Map that matches a list of patterns. 
+ properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as + result of the transform if the pattern + matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. 
+ format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join + a slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input + using a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. 
+ type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from + the input + type: string + type: + default: Format + description: Type of the string transform to + be run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - FromEnvironmentFieldPath + - PatchSet + - ToCompositeFieldPath + - ToEnvironmentFieldPath + - CombineFromEnvironment + - CombineFromComposite + - CombineToComposite + - CombineToEnvironment + type: string + type: object + type: array + readinessChecks: + default: + - matchCondition: + status: "True" + type: Ready + type: MatchCondition + description: |- + ReadinessChecks allows users to define custom readiness checks. All checks + have to return true in order for resource to be considered ready. The + default readiness check is to have the "Ready" condition to be "True". + items: + description: |- + ReadinessCheck is used to indicate how to tell whether a resource is ready + for consumption. + properties: + fieldPath: + description: FieldPath shows the path of the field whose + value will be used. + type: string + matchCondition: + description: MatchCondition specifies the condition you'd + like to match if you're using "MatchCondition" type. + properties: + status: + default: "True" + description: Status is the status of the condition + you'd like to match. + type: string + type: + default: Ready + description: Type indicates the type of condition + you'd like to use. 
+ type: string + required: + - status + - type + type: object + matchInteger: + description: MatchInt is the value you'd like to match + if you're using "MatchInt" type. + format: int64 + type: integer + matchString: + description: MatchString is the value you'd like to match + if you're using "MatchString" type. + type: string + type: + description: Type indicates the type of probe you'd like + to use. + enum: + - MatchString + - MatchInteger + - NonEmpty + - MatchCondition + - MatchTrue + - MatchFalse + - None + type: string + required: + - type + type: object + type: array + required: + - base + type: object + type: array + revision: + description: Revision number. Newer revisions have larger numbers. + format: int64 + type: integer + writeConnectionSecretsToNamespace: + description: |- + WriteConnectionSecretsToNamespace specifies the namespace in which the + connection secrets of composite resource dynamically provisioned using + this composition will be created. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsWithStoreConfigRef. Currently, both could be + set independently and connection details would be published to both + without affecting each other as long as related fields at MR level + specified. + type: string + required: + - compositeTypeRef + - revision + type: object + status: + description: |- + CompositionRevisionStatus shows the observed state of the composition + revision. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.compositeTypeRef.kind + name: XR-KIND + type: string + - jsonPath: .spec.compositeTypeRef.apiVersion + name: XR-APIVERSION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A CompositionRevision represents a revision of a Composition. Crossplane + creates new revisions when there are changes to the Composition. + + + Crossplane creates and manages CompositionRevisions. Don't directly edit + CompositionRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CompositionRevisionSpec specifies the desired state of the composition + revision. + properties: + compositeTypeRef: + description: |- + CompositeTypeRef specifies the type of composite resource that this + composition is compatible with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + environment: + description: |- + Environment configures the environment in which resources are rendered. + + + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + properties: + defaultData: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + DefaultData statically defines the initial state of the environment. + It has the same schema-less structure as the data field in + environment configs. + It is overwritten by the selected environment configs. + type: object + environmentConfigs: + description: |- + EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved + resources are stored in the composite resource at + `spec.environmentConfigRefs` and is only updated if it is null. + + + The list of references is used to compute an in-memory environment at + compose time. 
The data of all object is merged in the order they are + listed, meaning the values of EnvironmentConfigs with a larger index take + priority over ones with smaller indices. + + + The computed environment can be accessed in a composition using + `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches. + items: + description: EnvironmentSource selects a EnvironmentConfig resource. + properties: + ref: + description: |- + Ref is a named reference to a single EnvironmentConfig. + Either Ref or Selector is required. + properties: + name: + description: The name of the object. + type: string + required: + - name + type: object + selector: + description: Selector selects EnvironmentConfig(s) via labels. + properties: + matchLabels: + description: MatchLabels ensures an object with matching + labels is selected. + items: + description: |- + An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but + can draw the label value from a different path. + properties: + fromFieldPathPolicy: + default: Required + description: |- + FromFieldPathPolicy specifies the policy for the valueFromFieldPath. + The default is Required, meaning that an error will be returned if the + field is not found in the composite resource. + Optional means that if the field is not found in the composite resource, + that label pair will just be skipped. N.B. other specified label + matchers will still be used to retrieve the desired + environment config, if any. + enum: + - Optional + - Required + type: string + key: + description: Key of the label to match. + type: string + type: + default: FromCompositeFieldPath + description: Type specifies where the value for + a label comes from. + enum: + - FromCompositeFieldPath + - Value + type: string + value: + description: Value specifies a literal label value. + type: string + valueFromFieldPath: + description: ValueFromFieldPath specifies the + field path to look for the label value. 
+ type: string + required: + - key + type: object + type: array + maxMatch: + description: MaxMatch specifies the number of extracted + EnvironmentConfigs in Multiple mode, extracts all + if nil. + format: int64 + type: integer + minMatch: + description: MinMatch specifies the required minimum + of extracted EnvironmentConfigs in Multiple mode. + format: int64 + type: integer + mode: + default: Single + description: 'Mode specifies retrieval strategy: "Single" + or "Multiple".' + enum: + - Single + - Multiple + type: string + sortByFieldPath: + default: metadata.name + description: SortByFieldPath is the path to the field + based on which list of EnvironmentConfigs is alphabetically + sorted. + type: string + type: object + type: + default: Reference + description: |- + Type specifies the way the EnvironmentConfig is selected. + Default is `Reference` + enum: + - Reference + - Selector + type: string + type: object + type: array + patches: + description: |- + Patches is a list of environment patches that are executed before a + composition's resources are composed. + items: + description: EnvironmentPatch is a patch for a Composition environment. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite or + CombineToComposite patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. 
+ items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. + type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath or + ToCompositeFieldPath. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options on + a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. 
+ items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the given + map and returns the value. + type: object + match: + description: Match is a more complex version of Map + that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). 
+ Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as result + of the transform if the pattern matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. 
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join a + slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input using + a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from the + input + type: string + type: + default: Format + description: Type of the string transform to be + run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. 
+ enum: + - FromCompositeFieldPath + - ToCompositeFieldPath + - CombineFromComposite + - CombineToComposite + type: string + type: object + type: array + policy: + description: |- + Policy represents the Resolve and Resolution policies which apply to + all EnvironmentSourceReferences in EnvironmentConfigs list. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + mode: + default: Resources + description: |- + Mode controls what type or "mode" of Composition will be used. + + + "Resources" (the default) indicates that a Composition uses what is + commonly referred to as "Patch & Transform" or P&T composition. This mode + of Composition uses an array of resources, each a template for a composed + resource. + + + "Pipeline" indicates that a Composition specifies a pipeline + of Composition Functions, each of which is responsible for producing + composed resources that Crossplane should create or update. THE PIPELINE + MODE IS A BETA FEATURE. It is not honored if the relevant Crossplane + feature flag is disabled. + enum: + - Resources + - Pipeline + type: string + patchSets: + description: |- + PatchSets define a named set of patches that may be included by any + resource in this Composition. PatchSets cannot themselves refer to other + PatchSets. 
+ + + PatchSets are only used by the "Resources" mode of Composition. They + are ignored by other modes. + items: + description: |- + A PatchSet is a set of patches that can be reused from all resources within + a Composition. + properties: + name: + description: Name of this PatchSet. + type: string + patches: + description: Patches will be applied as an overlay to the base + resource. + items: + description: |- + Patch objects are applied between composite and composed resources. Their + behaviour depends on the Type selected. The default Type, + FromCompositeFieldPath, copies a value from the composite resource to + the composed resource, applying any defined transformers. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite, + CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. 
+ type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath, + FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath. + type: string + patchSetName: + description: PatchSetName to include patches from. Required + when type is PatchSet. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options + on a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. 
+ properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the + given map and returns the value. + type: object + match: + description: Match is a more complex version of + Map that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. 
+ type: string + result: + description: The value that is used as + result of the transform if the pattern + matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. 
+ enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join + a slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input + using a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from + the input + type: string + type: + default: Format + description: Type of the string transform to + be run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. 
+ enum: + - FromCompositeFieldPath + - FromEnvironmentFieldPath + - PatchSet + - ToCompositeFieldPath + - ToEnvironmentFieldPath + - CombineFromEnvironment + - CombineFromComposite + - CombineToComposite + - CombineToEnvironment + type: string + type: object + type: array + required: + - name + - patches + type: object + type: array + pipeline: + description: |- + Pipeline is a list of composition function steps that will be used when a + composite resource referring to this composition is created. One of + resources and pipeline must be specified - you cannot specify both. + + + The Pipeline is only used by the "Pipeline" mode of Composition. It is + ignored by other modes. + + + THIS IS A BETA FIELD. It is not honored if the relevant Crossplane + feature flag is disabled. + items: + description: A PipelineStep in a Composition Function pipeline. + properties: + credentials: + description: Credentials are optional credentials that the Composition + Function needs. + items: + description: |- + FunctionCredentials are optional credentials that a Composition Function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the Composition Function this step should + execute. + properties: + name: + description: Name of the referenced Function. 
+ type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the Composition + Function as the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + type: array + publishConnectionDetailsWithStoreConfigRef: + default: + name: default + description: |- + PublishConnectionDetailsWithStoreConfig specifies the secret store config + with which the connection details of composite resources dynamically + provisioned using this composition will be published. + + + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + properties: + name: + description: Name of the referenced StoreConfig. + type: string + required: + - name + type: object + resources: + description: |- + Resources is a list of resource templates that will be used when a + composite resource referring to this composition is created. + + + Resources are only used by the "Resources" mode of Composition. They are + ignored by other modes. + items: + description: |- + ComposedTemplate is used to provide information about how the composed resource + should be processed. + properties: + base: + description: Base is the target resource that the patches will + be applied on. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + connectionDetails: + description: |- + ConnectionDetails lists the propagation secret keys from this target + resource to the composition instance connection secret. 
+ items: + description: |- + ConnectionDetail includes the information about the propagation of the connection + information from one secret to another. + properties: + fromConnectionSecretKey: + description: |- + FromConnectionSecretKey is the key that will be used to fetch the value + from the composed resource's connection secret. + type: string + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the composed resource whose + value to be used as input. Name must be specified if the type is + FromFieldPath. + type: string + name: + description: |- + Name of the connection secret key that will be propagated to the + connection secret of the composition instance. Leave empty if you'd like + to use the same key name. + type: string + type: + description: |- + Type sets the connection detail fetching behaviour to be used. Each + connection detail type may require its own fields to be set on the + ConnectionDetail object. If the type is omitted Crossplane will attempt + to infer it based on which other fields were specified. If multiple + fields are specified the order of precedence is: + 1. FromValue + 2. FromConnectionSecretKey + 3. FromFieldPath + enum: + - FromConnectionSecretKey + - FromFieldPath + - FromValue + type: string + value: + description: |- + Value that will be propagated to the connection secret of the composite + resource. May be set to inject a fixed, non-sensitive connection secret + value, for example a well-known port. + type: string + type: object + type: array + name: + description: |- + A Name uniquely identifies this entry within its Composition's resources + array. Names are optional but *strongly* recommended. When all entries in + the resources array are named entries may added, deleted, and reordered + as long as their names do not change. When entries are not named the + length and order of the resources array should be treated as immutable. + Either all or no entries must be named. 
+ type: string + patches: + description: Patches will be applied as overlay to the base + resource. + items: + description: |- + Patch objects are applied between composite and composed resources. Their + behaviour depends on the Type selected. The default Type, + FromCompositeFieldPath, copies a value from the composite resource to + the composed resource, applying any defined transformers. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite, + CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. + type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath, + FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath. 
+ type: string + patchSetName: + description: PatchSetName to include patches from. Required + when type is PatchSet. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options + on a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. 
+ + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the + given map and returns the value. + type: object + match: + description: Match is a more complex version of + Map that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as + result of the transform if the pattern + matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. 
+ + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join + a slice of values to a string. 
+ properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input + using a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from + the input + type: string + type: + default: Format + description: Type of the string transform to + be run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - FromEnvironmentFieldPath + - PatchSet + - ToCompositeFieldPath + - ToEnvironmentFieldPath + - CombineFromEnvironment + - CombineFromComposite + - CombineToComposite + - CombineToEnvironment + type: string + type: object + type: array + readinessChecks: + default: + - matchCondition: + status: "True" + type: Ready + type: MatchCondition + description: |- + ReadinessChecks allows users to define custom readiness checks. All checks + have to return true in order for resource to be considered ready. The + default readiness check is to have the "Ready" condition to be "True". + items: + description: |- + ReadinessCheck is used to indicate how to tell whether a resource is ready + for consumption. 
+ properties: + fieldPath: + description: FieldPath shows the path of the field whose + value will be used. + type: string + matchCondition: + description: MatchCondition specifies the condition you'd + like to match if you're using "MatchCondition" type. + properties: + status: + default: "True" + description: Status is the status of the condition + you'd like to match. + type: string + type: + default: Ready + description: Type indicates the type of condition + you'd like to use. + type: string + required: + - status + - type + type: object + matchInteger: + description: MatchInt is the value you'd like to match + if you're using "MatchInt" type. + format: int64 + type: integer + matchString: + description: MatchString is the value you'd like to match + if you're using "MatchString" type. + type: string + type: + description: Type indicates the type of probe you'd like + to use. + enum: + - MatchString + - MatchInteger + - NonEmpty + - MatchCondition + - MatchTrue + - MatchFalse + - None + type: string + required: + - type + type: object + type: array + required: + - base + type: object + type: array + revision: + description: Revision number. Newer revisions have larger numbers. + format: int64 + type: integer + writeConnectionSecretsToNamespace: + description: |- + WriteConnectionSecretsToNamespace specifies the namespace in which the + connection secrets of composite resource dynamically provisioned using + this composition will be created. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsWithStoreConfigRef. Currently, both could be + set independently and connection details would be published to both + without affecting each other as long as related fields at MR level + specified. + type: string + required: + - compositeTypeRef + - revision + type: object + status: + description: |- + CompositionRevisionStatus shows the observed state of the composition + revision. 
+ properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: false + subresources: + status: {} diff --git a/content/v1.16/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/v1.16/api/crds/apiextensions.crossplane.io_compositions.yaml new file mode 100644 index 000000000..61e6d4c66 --- /dev/null +++ b/content/v1.16/api/crds/apiextensions.crossplane.io_compositions.yaml 
@@ -0,0 +1,1592 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: compositions.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: Composition + listKind: CompositionList + plural: compositions + shortNames: + - comp + singular: composition + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.compositeTypeRef.kind + name: XR-KIND + type: string + - jsonPath: .spec.compositeTypeRef.apiVersion + name: XR-APIVERSION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A Composition defines a collection of managed resources or functions that + Crossplane uses to create and manage new composite resources. + + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/compositions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CompositionSpec specifies desired state of a composition. 
+ properties: + compositeTypeRef: + description: |- + CompositeTypeRef specifies the type of composite resource that this + composition is compatible with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + environment: + description: |- + Environment configures the environment in which resources are rendered. + + + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + properties: + defaultData: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + DefaultData statically defines the initial state of the environment. + It has the same schema-less structure as the data field in + environment configs. + It is overwritten by the selected environment configs. + type: object + environmentConfigs: + description: |- + EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved + resources are stored in the composite resource at + `spec.environmentConfigRefs` and is only updated if it is null. + + + The list of references is used to compute an in-memory environment at + compose time. The data of all object is merged in the order they are + listed, meaning the values of EnvironmentConfigs with a larger index take + priority over ones with smaller indices. + + + The computed environment can be accessed in a composition using + `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches. + items: + description: EnvironmentSource selects a EnvironmentConfig resource. + properties: + ref: + description: |- + Ref is a named reference to a single EnvironmentConfig. + Either Ref or Selector is required. + properties: + name: + description: The name of the object. 
+ type: string + required: + - name + type: object + selector: + description: Selector selects EnvironmentConfig(s) via labels. + properties: + matchLabels: + description: MatchLabels ensures an object with matching + labels is selected. + items: + description: |- + An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but + can draw the label value from a different path. + properties: + fromFieldPathPolicy: + default: Required + description: |- + FromFieldPathPolicy specifies the policy for the valueFromFieldPath. + The default is Required, meaning that an error will be returned if the + field is not found in the composite resource. + Optional means that if the field is not found in the composite resource, + that label pair will just be skipped. N.B. other specified label + matchers will still be used to retrieve the desired + environment config, if any. + enum: + - Optional + - Required + type: string + key: + description: Key of the label to match. + type: string + type: + default: FromCompositeFieldPath + description: Type specifies where the value for + a label comes from. + enum: + - FromCompositeFieldPath + - Value + type: string + value: + description: Value specifies a literal label value. + type: string + valueFromFieldPath: + description: ValueFromFieldPath specifies the + field path to look for the label value. + type: string + required: + - key + type: object + type: array + maxMatch: + description: MaxMatch specifies the number of extracted + EnvironmentConfigs in Multiple mode, extracts all + if nil. + format: int64 + type: integer + minMatch: + description: MinMatch specifies the required minimum + of extracted EnvironmentConfigs in Multiple mode. + format: int64 + type: integer + mode: + default: Single + description: 'Mode specifies retrieval strategy: "Single" + or "Multiple".' 
+ enum: + - Single + - Multiple + type: string + sortByFieldPath: + default: metadata.name + description: SortByFieldPath is the path to the field + based on which list of EnvironmentConfigs is alphabetically + sorted. + type: string + type: object + type: + default: Reference + description: |- + Type specifies the way the EnvironmentConfig is selected. + Default is `Reference` + enum: + - Reference + - Selector + type: string + type: object + type: array + patches: + description: |- + Patches is a list of environment patches that are executed before a + composition's resources are composed. + items: + description: EnvironmentPatch is a patch for a Composition environment. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite or + CombineToComposite patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. 
+ type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath or + ToCompositeFieldPath. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options on + a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). 
+ Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the given + map and returns the value. + type: object + match: + description: Match is a more complex version of Map + that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as result + of the transform if the pattern matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. 
+ + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. 
+ type: string + join: + description: Join defines parameters to join a + slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input using + a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from the + input + type: string + type: + default: Format + description: Type of the string transform to be + run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - ToCompositeFieldPath + - CombineFromComposite + - CombineToComposite + type: string + type: object + type: array + policy: + description: |- + Policy represents the Resolve and Resolution policies which apply to + all EnvironmentSourceReferences in EnvironmentConfigs list. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + mode: + default: Resources + description: |- + Mode controls what type or "mode" of Composition will be used. + + + "Resources" (the default) indicates that a Composition uses what is + commonly referred to as "Patch & Transform" or P&T composition. This mode + of Composition uses an array of resources, each a template for a composed + resource. + + + "Pipeline" indicates that a Composition specifies a pipeline + of Composition Functions, each of which is responsible for producing + composed resources that Crossplane should create or update. THE PIPELINE + MODE IS A BETA FEATURE. It is not honored if the relevant Crossplane + feature flag is disabled. + enum: + - Resources + - Pipeline + type: string + patchSets: + description: |- + PatchSets define a named set of patches that may be included by any + resource in this Composition. PatchSets cannot themselves refer to other + PatchSets. + + + PatchSets are only used by the "Resources" mode of Composition. They + are ignored by other modes. + items: + description: |- + A PatchSet is a set of patches that can be reused from all resources within + a Composition. + properties: + name: + description: Name of this PatchSet. + type: string + patches: + description: Patches will be applied as an overlay to the base + resource. + items: + description: |- + Patch objects are applied between composite and composed resources. Their + behaviour depends on the Type selected. The default Type, + FromCompositeFieldPath, copies a value from the composite resource to + the composed resource, applying any defined transformers. 
+ properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite, + CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. + enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. + type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath, + FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath. + type: string + patchSetName: + description: PatchSetName to include patches from. Required + when type is PatchSet. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. 
The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options + on a field path. + properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. 
+ enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the + given map and returns the value. + type: object + match: + description: Match is a more complex version of + Map that matches a list of patterns. + properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as + result of the transform if the pattern + matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. 
+ enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. + format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join + a slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. 
+ type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input + using a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. + type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from + the input + type: string + type: + default: Format + description: Type of the string transform to + be run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - FromEnvironmentFieldPath + - PatchSet + - ToCompositeFieldPath + - ToEnvironmentFieldPath + - CombineFromEnvironment + - CombineFromComposite + - CombineToComposite + - CombineToEnvironment + type: string + type: object + type: array + required: + - name + - patches + type: object + type: array + pipeline: + description: |- + Pipeline is a list of composition function steps that will be used when a + composite resource referring to this composition is created. One of + resources and pipeline must be specified - you cannot specify both. + + + The Pipeline is only used by the "Pipeline" mode of Composition. It is + ignored by other modes. + + + THIS IS A BETA FIELD. It is not honored if the relevant Crossplane + feature flag is disabled. + items: + description: A PipelineStep in a Composition Function pipeline. 
+ properties: + credentials: + description: Credentials are optional credentials that the Composition + Function needs. + items: + description: |- + FunctionCredentials are optional credentials that a Composition Function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + functionRef: + description: |- + FunctionRef is a reference to the Composition Function this step should + execute. + properties: + name: + description: Name of the referenced Function. + type: string + required: + - name + type: object + input: + description: |- + Input is an optional, arbitrary Kubernetes resource (i.e. a resource + with an apiVersion and kind) that will be passed to the Composition + Function as the 'input' of its RunFunctionRequest. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + step: + description: Step name. Must be unique within its Pipeline. + type: string + required: + - functionRef + - step + type: object + type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map + publishConnectionDetailsWithStoreConfigRef: + default: + name: default + description: |- + PublishConnectionDetailsWithStoreConfig specifies the secret store config + with which the connection details of composite resources dynamically + provisioned using this composition will be published. + + + THIS IS AN ALPHA FIELD. 
Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + properties: + name: + description: Name of the referenced StoreConfig. + type: string + required: + - name + type: object + resources: + description: |- + Resources is a list of resource templates that will be used when a + composite resource referring to this composition is created. + + + Resources are only used by the "Resources" mode of Composition. They are + ignored by other modes. + items: + description: |- + ComposedTemplate is used to provide information about how the composed resource + should be processed. + properties: + base: + description: Base is the target resource that the patches will + be applied on. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + connectionDetails: + description: |- + ConnectionDetails lists the propagation secret keys from this target + resource to the composition instance connection secret. + items: + description: |- + ConnectionDetail includes the information about the propagation of the connection + information from one secret to another. + properties: + fromConnectionSecretKey: + description: |- + FromConnectionSecretKey is the key that will be used to fetch the value + from the composed resource's connection secret. + type: string + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the composed resource whose + value to be used as input. Name must be specified if the type is + FromFieldPath. + type: string + name: + description: |- + Name of the connection secret key that will be propagated to the + connection secret of the composition instance. Leave empty if you'd like + to use the same key name. + type: string + type: + description: |- + Type sets the connection detail fetching behaviour to be used. 
Each + connection detail type may require its own fields to be set on the + ConnectionDetail object. If the type is omitted Crossplane will attempt + to infer it based on which other fields were specified. If multiple + fields are specified the order of precedence is: + 1. FromValue + 2. FromConnectionSecretKey + 3. FromFieldPath + enum: + - FromConnectionSecretKey + - FromFieldPath + - FromValue + type: string + value: + description: |- + Value that will be propagated to the connection secret of the composite + resource. May be set to inject a fixed, non-sensitive connection secret + value, for example a well-known port. + type: string + type: object + type: array + name: + description: |- + A Name uniquely identifies this entry within its Composition's resources + array. Names are optional but *strongly* recommended. When all entries in + the resources array are named entries may added, deleted, and reordered + as long as their names do not change. When entries are not named the + length and order of the resources array should be treated as immutable. + Either all or no entries must be named. + type: string + patches: + description: Patches will be applied as overlay to the base + resource. + items: + description: |- + Patch objects are applied between composite and composed resources. Their + behaviour depends on the Type selected. The default Type, + FromCompositeFieldPath, copies a value from the composite resource to + the composed resource, applying any defined transformers. + properties: + combine: + description: |- + Combine is the patch configuration for a CombineFromComposite, + CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch. + properties: + strategy: + description: |- + Strategy defines the strategy to use to combine the input variable values. + Currently only string is supported. 
+ enum: + - string + type: string + string: + description: |- + String declares that input variables should be combined into a single + string, using the relevant settings for formatting purposes. + properties: + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + required: + - fmt + type: object + variables: + description: |- + Variables are the list of variables whose values will be retrieved and + combined. + items: + description: |- + A CombineVariable defines the source of a value that is combined with + others to form and patch an output value. Currently, this only supports + retrieving values from a field path. + properties: + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the source whose value is + to be used as input. + type: string + required: + - fromFieldPath + type: object + minItems: 1 + type: array + required: + - strategy + - variables + type: object + fromFieldPath: + description: |- + FromFieldPath is the path of the field on the resource whose value is + to be used as input. Required when type is FromCompositeFieldPath, + FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath. + type: string + patchSetName: + description: PatchSetName to include patches from. Required + when type is PatchSet. + type: string + policy: + description: Policy configures the specifics of patching + behaviour. + properties: + fromFieldPath: + description: |- + FromFieldPath specifies how to patch from a field path. The default is + 'Optional', which means the patch will be a no-op if the specified + fromFieldPath does not exist. Use 'Required' if the patch should fail if + the specified path does not exist. + enum: + - Optional + - Required + type: string + mergeOptions: + description: MergeOptions Specifies merge options + on a field path. 
+ properties: + appendSlice: + description: Specifies that already existing elements + in a merged slice should be preserved + type: boolean + keepMapValues: + description: Specifies that already existing values + in a merged map should be preserved + type: boolean + type: object + type: object + toFieldPath: + description: |- + ToFieldPath is the path of the field on the resource whose value will + be changed with the result of transforms. Leave empty if you'd like to + propagate to the same path as fromFieldPath. + type: string + transforms: + description: |- + Transforms are the list of functions that are used as a FIFO pipe for the + input to be transformed. + items: + description: |- + Transform is a unit of process whose input is transformed into an output with + the supplied configuration. + properties: + convert: + description: Convert is used to cast the input into + the given output type. + properties: + format: + description: |- + The expected input format. + + + * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). + Only used during `string -> float64` conversions. + * `json` - parses the input as a JSON string. + Only used during `string -> object` or `string -> list` conversions. + + + If this property is null, the default conversion is applied. + enum: + - none + - quantity + - json + type: string + toType: + description: ToType is the type of the output + of this transform. + enum: + - string + - int + - int64 + - bool + - float64 + - object + - array + type: string + required: + - toType + type: object + map: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: Map uses the input as a key in the + given map and returns the value. + type: object + match: + description: Match is a more complex version of + Map that matches a list of patterns. 
+ properties: + fallbackTo: + default: Value + description: Determines to what value the transform + should fallback if no pattern matches. + enum: + - Value + - Input + type: string + fallbackValue: + description: |- + The fallback value that should be returned by the transform if now pattern + matches. + x-kubernetes-preserve-unknown-fields: true + patterns: + description: |- + The patterns that should be tested against the input string. + Patterns are tested in order. The value of the first match is used as + result of this transform. + items: + description: |- + MatchTransformPattern is a transform that returns the value that matches a + pattern. + properties: + literal: + description: |- + Literal exactly matches the input string (case sensitive). + Is required if `type` is `literal`. + type: string + regexp: + description: |- + Regexp to match against the input string. + Is required if `type` is `regexp`. + type: string + result: + description: The value that is used as + result of the transform if the pattern + matches. + x-kubernetes-preserve-unknown-fields: true + type: + default: literal + description: |- + Type specifies how the pattern matches the input. + + + * `literal` - the pattern value has to exactly match (case sensitive) the + input string. This is the default. + + + * `regexp` - the pattern treated as a regular expression against + which the input string is tested. Crossplane will throw an error if the + key is not a valid regexp. + enum: + - literal + - regexp + type: string + required: + - result + - type + type: object + type: array + type: object + math: + description: |- + Math is used to transform the input via mathematical operations such as + multiplication. + properties: + clampMax: + description: ClampMax makes sure that the value + is not bigger than the given value. + format: int64 + type: integer + clampMin: + description: ClampMin makes sure that the value + is not smaller than the given value. 
+ format: int64 + type: integer + multiply: + description: Multiply the value. + format: int64 + type: integer + type: + default: Multiply + description: Type of the math transform to be + run. + enum: + - Multiply + - ClampMin + - ClampMax + type: string + type: object + string: + description: |- + String is used to transform the input into a string or a different kind + of string. Note that the input does not necessarily need to be a string. + properties: + convert: + description: |- + Optional conversion method to be specified. + `ToUpper` and `ToLower` change the letter case of the input string. + `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. + `ToJson` converts any input value into its raw JSON representation. + `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input + converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. + enum: + - ToUpper + - ToLower + - ToBase64 + - FromBase64 + - ToJson + - ToSha1 + - ToSha256 + - ToSha512 + - ToAdler32 + type: string + fmt: + description: |- + Format the input using a Go format string. See + https://golang.org/pkg/fmt/ for details. + type: string + join: + description: Join defines parameters to join + a slice of values to a string. + properties: + separator: + description: |- + Separator defines the character that should separate the values from each + other in the joined string. + type: string + required: + - separator + type: object + regexp: + description: Extract a match from the input + using a regular expression. + properties: + group: + description: Group number to match. 0 (the + default) matches the entire expression. + type: integer + match: + description: |- + Match string. May optionally include submatches, aka capture groups. + See https://pkg.go.dev/regexp/ for details. 
+ type: string + required: + - match + type: object + trim: + description: Trim the prefix or suffix from + the input + type: string + type: + default: Format + description: Type of the string transform to + be run. + enum: + - Format + - Convert + - TrimPrefix + - TrimSuffix + - Regexp + - Join + type: string + type: object + type: + description: Type of the transform to be run. + enum: + - map + - match + - math + - string + - convert + type: string + required: + - type + type: object + type: array + type: + default: FromCompositeFieldPath + description: |- + Type sets the patching behaviour to be used. Each patch type may require + its own fields to be set on the Patch object. + enum: + - FromCompositeFieldPath + - FromEnvironmentFieldPath + - PatchSet + - ToCompositeFieldPath + - ToEnvironmentFieldPath + - CombineFromEnvironment + - CombineFromComposite + - CombineToComposite + - CombineToEnvironment + type: string + type: object + type: array + readinessChecks: + default: + - matchCondition: + status: "True" + type: Ready + type: MatchCondition + description: |- + ReadinessChecks allows users to define custom readiness checks. All checks + have to return true in order for resource to be considered ready. The + default readiness check is to have the "Ready" condition to be "True". + items: + description: |- + ReadinessCheck is used to indicate how to tell whether a resource is ready + for consumption. + properties: + fieldPath: + description: FieldPath shows the path of the field whose + value will be used. + type: string + matchCondition: + description: MatchCondition specifies the condition you'd + like to match if you're using "MatchCondition" type. + properties: + status: + default: "True" + description: Status is the status of the condition + you'd like to match. + type: string + type: + default: Ready + description: Type indicates the type of condition + you'd like to use. 
+ type: string + required: + - status + - type + type: object + matchInteger: + description: MatchInt is the value you'd like to match + if you're using "MatchInt" type. + format: int64 + type: integer + matchString: + description: MatchString is the value you'd like to match + if you're using "MatchString" type. + type: string + type: + description: Type indicates the type of probe you'd like + to use. + enum: + - MatchString + - MatchInteger + - NonEmpty + - MatchCondition + - MatchTrue + - MatchFalse + - None + type: string + required: + - type + type: object + type: array + required: + - base + type: object + type: array + writeConnectionSecretsToNamespace: + description: |- + WriteConnectionSecretsToNamespace specifies the namespace in which the + connection secrets of composite resource dynamically provisioned using + this composition will be created. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsWithStoreConfigRef. Currently, both could be + set independently and connection details would be published to both + without affecting each other as long as related fields at MR level + specified. + type: string + required: + - compositeTypeRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/content/v1.16/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/v1.16/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml new file mode 100644 index 000000000..1d80d90b2 --- /dev/null +++ b/content/v1.16/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: environmentconfigs.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: EnvironmentConfig + listKind: EnvironmentConfigList + plural: environmentconfigs + shortNames: + - envcfg + singular: environmentconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + An EnvironmentConfig contains user-defined unstructured values for + use in a Composition. + + + Read the Crossplane documentation for + [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + data: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + The data of this EnvironmentConfig. + This may contain any kind of structure that can be serialized into JSON. + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + type: object + served: true + storage: true + subresources: {} 
diff --git a/content/v1.16/api/crds/apiextensions.crossplane.io_usages.yaml b/content/v1.16/api/crds/apiextensions.crossplane.io_usages.yaml new file mode 100644 index 000000000..cc8f7e557 --- /dev/null +++ b/content/v1.16/api/crds/apiextensions.crossplane.io_usages.yaml 
@@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: usages.apiextensions.crossplane.io +spec: + group: apiextensions.crossplane.io + names: + categories: + - crossplane + kind: Usage + listKind: UsageList + plural: usages + singular: usage + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.annotations.crossplane\.io/usage-details + name: DETAILS + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + A Usage defines a deletion blocking relationship between two resources. + + + Usages prevent accidental deletion of a single resource or deletion of + resources with dependent resources. + + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UsageSpec defines the desired state of Usage. + properties: + by: + description: By is the resource that is "using the other resource". 
+ properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + of: + description: Of is the resource that is "being used". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + reason: + description: Reason is the reason for blocking deletion of the resource. + type: string + replayDeletion: + description: ReplayDeletion will trigger a deletion on the used resource + during the deletion of the usage itself, if it was attempted to + be deleted at least once. + type: boolean + required: + - of + type: object + x-kubernetes-validations: + - message: either "spec.by" or "spec.reason" must be specified. + rule: has(self.by) || has(self.reason) + status: + description: UsageStatus defines the observed state of Usage. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? 
+ type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/v1.16/api/crds/pkg.crossplane.io_configurationrevisions.yaml new file mode 100644 index 000000000..7fb52c93e --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_configurationrevisions.yaml 
@@ -0,0 +1,281 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: configurationrevisions.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + - pkgrev + kind: ConfigurationRevision + listKind: ConfigurationRevisionList + plural: configurationrevisions + singular: configurationrevision + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.image + name: IMAGE + type: string + - jsonPath: .spec.desiredState + name: STATE + type: string + - jsonPath: .status.foundDependencies + name: DEP-FOUND + type: string + - jsonPath: .status.installedDependencies + name: DEP-INSTALLED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A ConfigurationRevision represents a revision of a Configuration. Crossplane + creates new revisions when there are changes to a Configuration. + + + Crossplane creates and manages ConfigurationRevision. Don't directly edit + ConfigurationRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PackageRevisionSpec specifies the desired state of a PackageRevision. + properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + desiredState: + description: DesiredState of the PackageRevision. Can be either Active + or Inactive. + type: string + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + image: + description: Package image used by install Pod to extract package + contents. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. It is also + applied to any images pulled for the package, such as a provider's + controller image. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be + used to fetch packages from private registries. They are also applied to + any images pulled for the package, such as a provider's controller image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: array + revision: + description: |- + Revision number. Indicates when the revision will be garbage collected + based on the parent's RevisionHistoryLimit. + format: int64 + type: integer + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + required: + - desiredState + - image + - revision + type: object + status: + description: PackageRevisionStatus represents the observed state of a + PackageRevision. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + foundDependencies: + description: Dependency information. + format: int64 + type: integer + installedDependencies: + format: int64 + type: integer + invalidDependencies: + format: int64 + type: integer + objectRefs: + description: References to objects owned by PackageRevision. + items: + description: |- + A TypedReference refers to an object by Name, Kind, and APIVersion. It is + commonly used to reference cluster-scoped objects or objects where the + namespace is already known. + properties: + apiVersion: + description: APIVersion of the referenced object. + type: string + kind: + description: Kind of the referenced object. + type: string + name: + description: Name of the referenced object. + type: string + uid: + description: UID of the referenced object. + type: string + required: + - apiVersion + - kind + - name + type: object + type: array + permissionRequests: + description: |- + PermissionRequests made by this package. The package declares that its + controller needs these permissions to run. The RBAC manager is + responsible for granting them. + items: + description: |- + PolicyRule holds information that describes a policy rule, but does not contain information + about who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: |- + APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + items: + type: string + type: array + nonResourceURLs: + description: |- + NonResourceURLs is a set of partial urls that a user should have access to. 
*s are allowed, but only as the full, final step in the path + Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names + that the rule applies to. An empty set means that everything + is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies + to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the + ResourceKinds contained in this rule. '*' represents all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_configurations.yaml b/content/v1.16/api/crds/pkg.crossplane.io_configurations.yaml new file mode 100644 index 000000000..42022bdba --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_configurations.yaml 
@@ -0,0 +1,204 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: configurations.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + - pkg + kind: Configuration + listKind: ConfigurationList + plural: configurations + singular: configuration + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Installed')].status + name: INSTALLED + type: string + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.package + name: PACKAGE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A Configuration installs an OCI compatible Crossplane package, extending + Crossplane with support for new kinds of CompositeResourceDefinitions and + Compositions. + + + Read the Crossplane documentation for + [more information about Configuration packages](https://docs.crossplane.io/latest/concepts/packages). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ConfigurationSpec specifies details about a request to install a + configuration to Crossplane. 
+ properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + package: + description: Package is the name of the package that is being requested. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be used + to fetch packages from private registries. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revisionActivationPolicy: + default: Automatic + description: |- + RevisionActivationPolicy specifies how the package controller should + update from one revision to the next. Options are Automatic or Manual. + Default is Automatic. + type: string + revisionHistoryLimit: + default: 1 + description: |- + RevisionHistoryLimit dictates how the package controller cleans up old + inactive package revisions. + Defaults to 1. Can be disabled by explicitly setting to 0. 
+ format: int64 + type: integer + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + required: + - package + type: object + status: + description: ConfigurationStatus represents the observed state of a Configuration. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentIdentifier: + description: |- + CurrentIdentifier is the most recent package source that was used to + produce a revision. 
The package manager uses this field to determine + whether to check for package updates for a given source when + packagePullPolicy is set to IfNotPresent. Manually removing this field + will cause the package manager to check that the current revision is + correct for the given package source. + type: string + currentRevision: + description: |- + CurrentRevision is the name of the current package revision. It will + reflect the most up to date revision, whether it has been activated or + not. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_controllerconfigs.yaml b/content/v1.16/api/crds/pkg.crossplane.io_controllerconfigs.yaml new file mode 100644 index 000000000..3cee9ece8 --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_controllerconfigs.yaml 
@@ -0,0 +1,3466 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: controllerconfigs.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + kind: ControllerConfig + listKind: ControllerConfigList + plural: controllerconfigs + singular: controllerconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + deprecated: true + deprecationWarning: ControllerConfig.pkg.crossplane.io/v1alpha1 is deprecated. + Use DeploymentRuntimeConfig from pkg.crossplane.io/v1beta1 instead. + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + A ControllerConfig applies settings to controllers like Provider pods. + Deprecated: Use the + [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration) + instead. + + + Read the + [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md) + design document for more details. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ControllerConfigSpec specifies the configuration for a packaged controller. 
+ Values provided will override package manager defaults. Labels and + annotations are passed to both the controller Deployment and ServiceAccount. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. 
The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + args: + description: |- + Arguments to the entrypoint. + The docker image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. + Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Docker image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. For example, + in the case of docker, only DockerConfig type secrets are honored. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + Setting ImagePullSecrets will replace any secrets that have been + propagated to a controller Deployment, typically via packagePullSecrets. 
+ items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + metadata: + description: Metadata that will be added to the provider Pod. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and + categorize (scope and select) objects. This will only affect + labels on the pod, not the pod selector. Labels will be merged + with internal labels used by crossplane, and labels with a + crossplane.io key might be overwritten. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + type: object + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. 
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + podSecurityContext: + description: |- + PodSecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + ports: + description: List of container ports to expose on the container + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. 
+ Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + replicas: + description: |- + Number of desired pods. This is a pointer to distinguish between explicit + zero and not specified. Defaults to 1. + Note: If more than 1 replica is set and leader election is not enabled then + controllers could conflict. Environment variable "LEADER_ELECTION" can be + used to enable leader election process. + format: int32 + type: integer + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md + This is a beta feature as of Kubernetes v1.14. 
+ type: string + securityContext: + description: |- + SecurityContext holds container-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. 
+ type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + If specified, a ServiceAccount named this ServiceAccountName will be used for + the spec.serviceAccountName field in Pods to be created and for the subjects.name field + in a ClusterRoleBinding to be created. + If there is no ServiceAccount named this ServiceAccountName, a new ServiceAccount + will be created. + If there is a pre-existing ServiceAccount named this ServiceAccountName, the ServiceAccount + will be used. The annotations in the ControllerConfig will be copied to the ServiceAccount + and pre-existing annotations will be kept. + Regardless of whether there is a ServiceAccount created by Crossplane or is in place already, + the ServiceAccount will be deleted once the Provider and ControllerConfig are deleted. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . 
+ properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumeMounts: + description: |- + List of VolumeMounts to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". 
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. 
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. 
This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. 
+ properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. 
+ If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. 
The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. 
+ type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml b/content/v1.16/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml new file mode 100644 index 000000000..7b80a697f --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml 
@@ -0,0 +1,7993 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: deploymentruntimeconfigs.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + kind: DeploymentRuntimeConfig + listKind: DeploymentRuntimeConfigList + plural: deploymentruntimeconfigs + singular: deploymentruntimeconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + The DeploymentRuntimeConfig provides settings for the Kubernetes Deployment + of a Provider or composition function package. + + + Read the Crossplane documentation for + [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DeploymentRuntimeConfigSpec specifies the configuration for a packaged controller. + Values provided will override package manager defaults. Labels and + annotations are passed to both the controller Deployment and ServiceAccount. 
+ properties: + deploymentTemplate: + description: DeploymentTemplate is the template for the Deployment + object. + properties: + metadata: + description: Metadata contains the configurable metadata fields + for the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. Labels will be merged with internal labels + used by crossplane, and labels with a crossplane.io key might be + overwritten. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: Name is the name of the object. + type: string + type: object + spec: + description: Spec contains the configurable spec fields for the + Deployment object. + properties: + minReadySeconds: + description: |- + Minimum number of seconds for which a newly created pod should be ready + without any of its container crashing, for it to be considered available. + Defaults to 0 (pod will be considered available as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: |- + The maximum time in seconds for a deployment to make progress before it + is considered to be failed. The deployment controller will continue to + process failed deployments and a condition with a ProgressDeadlineExceeded + reason will be surfaced in the deployment status. 
Note that progress will + not be estimated during the time a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: |- + Number of desired pods. This is a pointer to distinguish between explicit + zero and not specified. Defaults to 1. + format: int32 + type: integer + revisionHistoryLimit: + description: |- + The number of old ReplicaSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 10. + format: int32 + type: integer + selector: + description: |- + Label selector for pods. Existing ReplicaSets whose pods are + selected by this will be the ones affected by this deployment. + It must match the pod template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing + pods with new ones. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. 
+ x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or + "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: |- + Template describes the pods that will be created. + The only allowed template.spec.restartPolicy value is "Always". + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that + you want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. 
If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. 
+ items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. 
The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the + external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the + container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name + of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS + resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. 
+ type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. 
+ properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
+ Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the + external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. 
+ If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the + container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. 
+ type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. 
+ Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name + of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. 
+ type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + items: + description: A single application container that + you want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. 
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. 
+ items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. 
The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the + external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the + container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name + of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. 
+ + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged + - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. 
If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. 
+ A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching + type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find + the ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. 
The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. 
+ items: + description: PodSchedulingGate is associated to + a Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. 
+ Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. 
+ type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. 
+ Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in + a pod that may be accessed by any container in + the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the + data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data + disk in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of + secret that contains Azure Storage Account + Name and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as + the mounted root, rather than the full + Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward + API about the pod that should populate this + volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward + API volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a + field of the pod: only annotations, + labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. 
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target + lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC + target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this + field holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This + depends on the Flocker control service being + running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of + the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. 
+ properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash + for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. 
+ If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target + Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. 
The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one + resources secrets, configmaps, and downward + API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the + bundle. 
+ type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid? + type: string + optional: + description: optional specify + whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field of the + pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of + the field to select + in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must not + be absolute or contain + the ''..'' path. Must + be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address + of the ScaleIO API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO + Storage Pool associated with the protection + domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. 
+ Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: volumePath is the path that + identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + required: + - selector + - template + type: object + type: object + serviceAccountTemplate: + description: ServiceAccountTemplate is the template for the ServiceAccount + object. + properties: + metadata: + description: Metadata contains the configurable metadata fields + for the ServiceAccount. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. Labels will be merged with internal labels + used by crossplane, and labels with a crossplane.io key might be + overwritten. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: Name is the name of the object. 
+ type: string + type: object + type: object + serviceTemplate: + description: ServiceTemplate is the template for the Service object. + properties: + metadata: + description: Metadata contains the configurable metadata fields + for the Service. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. Labels will be merged with internal labels + used by crossplane, and labels with a crossplane.io key might be + overwritten. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: Name is the name of the object. + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/v1.16/api/crds/pkg.crossplane.io_functionrevisions.yaml new file mode 100644 index 000000000..7fb151816 --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_functionrevisions.yaml 
@@ -0,0 +1,329 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: functionrevisions.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + - pkgrev + kind: FunctionRevision + listKind: FunctionRevisionList + plural: functionrevisions + singular: functionrevision + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.image + name: IMAGE + type: string + - jsonPath: .spec.desiredState + name: STATE + type: string + - jsonPath: .status.foundDependencies + name: DEP-FOUND + type: string + - jsonPath: .status.installedDependencies + name: DEP-INSTALLED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A FunctionRevision represents a revision of a Function. Crossplane + creates new revisions when there are changes to the Function. + + + Crossplane creates and manages FunctionRevisions. Don't directly edit + FunctionRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FunctionRevisionSpec specifies configuration for a FunctionRevision. + properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + controllerConfigRef: + description: |- + ControllerConfigRef references a ControllerConfig resource that will be + used to configure the packaged controller Deployment. + Deprecated: Use RuntimeConfigReference instead. + properties: + name: + description: Name of the ControllerConfig. + type: string + required: + - name + type: object + desiredState: + description: DesiredState of the PackageRevision. Can be either Active + or Inactive. + type: string + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + image: + description: Package image used by install Pod to extract package + contents. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. It is also + applied to any images pulled for the package, such as a provider's + controller image. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be + used to fetch packages from private registries. They are also applied to + any images pulled for the package, such as a provider's controller image. 
+ items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revision: + description: |- + Revision number. Indicates when the revision will be garbage collected + based on the parent's RevisionHistoryLimit. + format: int64 + type: integer + runtimeConfigRef: + default: + name: default + description: |- + RuntimeConfigRef references a RuntimeConfig resource that will be used + to configure the package runtime. + properties: + apiVersion: + default: pkg.crossplane.io/v1beta1 + description: API version of the referent. + type: string + kind: + default: DeploymentRuntimeConfig + description: Kind of the referent. + type: string + name: + description: Name of the RuntimeConfig. + type: string + required: + - name + type: object + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + tlsClientSecretName: + description: |- + TLSClientSecretName is the name of the TLS Secret that stores client + certificates of the Provider. + type: string + tlsServerSecretName: + description: |- + TLSServerSecretName is the name of the TLS Secret that stores server + certificates of the Provider. + type: string + required: + - desiredState + - image + - revision + type: object + status: + description: FunctionRevisionStatus represents the observed state of a + FunctionRevision. + properties: + conditions: + description: Conditions of the resource. 
+ items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + endpoint: + description: |- + Endpoint is the gRPC endpoint where Crossplane will send + RunFunctionRequests. + type: string + foundDependencies: + description: Dependency information. + format: int64 + type: integer + installedDependencies: + format: int64 + type: integer + invalidDependencies: + format: int64 + type: integer + objectRefs: + description: References to objects owned by PackageRevision. + items: + description: |- + A TypedReference refers to an object by Name, Kind, and APIVersion. It is + commonly used to reference cluster-scoped objects or objects where the + namespace is already known. + properties: + apiVersion: + description: APIVersion of the referenced object. 
+ type: string + kind: + description: Kind of the referenced object. + type: string + name: + description: Name of the referenced object. + type: string + uid: + description: UID of the referenced object. + type: string + required: + - apiVersion + - kind + - name + type: object + type: array + permissionRequests: + description: |- + PermissionRequests made by this package. The package declares that its + controller needs these permissions to run. The RBAC manager is + responsible for granting them. + items: + description: |- + PolicyRule holds information that describes a policy rule, but does not contain information + about who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: |- + APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + items: + type: string + type: array + nonResourceURLs: + description: |- + NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path + Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names + that the rule applies to. An empty set means that everything + is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies + to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the + ResourceKinds contained in this rule. 
'*' represents all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_functions.yaml b/content/v1.16/api/crds/pkg.crossplane.io_functions.yaml new file mode 100644 index 000000000..7e5342cc6 --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_functions.yaml 
@@ -0,0 +1,234 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: functions.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + - pkg + kind: Function + listKind: FunctionList + plural: functions + singular: function + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Installed')].status + name: INSTALLED + type: string + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.package + name: PACKAGE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A Function installs an OCI compatible Crossplane package, extending + Crossplane with support for a new kind of composition function. + + + Read the Crossplane documentation for + [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FunctionSpec specifies the configuration of a Function. 
+ properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + controllerConfigRef: + description: |- + ControllerConfigRef references a ControllerConfig resource that will be + used to configure the packaged controller Deployment. + Deprecated: Use RuntimeConfigReference instead. + properties: + name: + description: Name of the ControllerConfig. + type: string + required: + - name + type: object + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + package: + description: Package is the name of the package that is being requested. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be used + to fetch packages from private registries. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revisionActivationPolicy: + default: Automatic + description: |- + RevisionActivationPolicy specifies how the package controller should + update from one revision to the next. 
Options are Automatic or Manual. + Default is Automatic. + type: string + revisionHistoryLimit: + default: 1 + description: |- + RevisionHistoryLimit dictates how the package controller cleans up old + inactive package revisions. + Defaults to 1. Can be disabled by explicitly setting to 0. + format: int64 + type: integer + runtimeConfigRef: + default: + name: default + description: |- + RuntimeConfigRef references a RuntimeConfig resource that will be used + to configure the package runtime. + properties: + apiVersion: + default: pkg.crossplane.io/v1beta1 + description: API version of the referent. + type: string + kind: + default: DeploymentRuntimeConfig + description: Kind of the referent. + type: string + name: + description: Name of the RuntimeConfig. + type: string + required: + - name + type: object + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + required: + - package + type: object + status: + description: FunctionStatus represents the observed state of a Function. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentIdentifier: + description: |- + CurrentIdentifier is the most recent package source that was used to + produce a revision. The package manager uses this field to determine + whether to check for package updates for a given source when + packagePullPolicy is set to IfNotPresent. Manually removing this field + will cause the package manager to check that the current revision is + correct for the given package source. + type: string + currentRevision: + description: |- + CurrentRevision is the name of the current package revision. It will + reflect the most up to date revision, whether it has been activated or + not. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_locks.yaml b/content/v1.16/api/crds/pkg.crossplane.io_locks.yaml new file mode 100644 index 000000000..4daff56a3 --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_locks.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: locks.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + kind: Lock + listKind: LockList + plural: locks + singular: lock + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Lock is the CRD type that tracks package dependencies. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + packages: + items: + description: LockPackage is a package that is in the lock. + properties: + dependencies: + description: |- + Dependencies are the list of dependencies of this package. The order of + the dependencies will dictate the order in which they are resolved. + items: + description: A Dependency is a dependency of a package in the + lock. + properties: + constraints: + description: |- + Constraints is a valid semver range, which will be used to select a valid + dependency version. + type: string + package: + description: Package is the OCI image name without a tag or + digest. + type: string + type: + description: Type is the type of package. Can be either Configuration + or Provider. 
+ type: string + required: + - constraints + - package + - type + type: object + type: array + name: + description: Name corresponds to the name of the package revision + for this package. + type: string + source: + description: Source is the OCI image name without a tag or digest. + type: string + type: + description: Type is the type of package. Can be either Configuration + or Provider. + type: string + version: + description: Version is the tag or digest of the OCI image. + type: string + required: + - dependencies + - name + - source + - type + - version + type: object + type: array + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/v1.16/api/crds/pkg.crossplane.io_providerrevisions.yaml new file mode 100644 index 000000000..961bfc454 --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_providerrevisions.yaml 
@@ -0,0 +1,324 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: providerrevisions.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + - pkgrev + kind: ProviderRevision + listKind: ProviderRevisionList + plural: providerrevisions + singular: providerrevision + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.image + name: IMAGE + type: string + - jsonPath: .spec.desiredState + name: STATE + type: string + - jsonPath: .status.foundDependencies + name: DEP-FOUND + type: string + - jsonPath: .status.installedDependencies + name: DEP-INSTALLED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A ProviderRevision represents a revision of a Provider. Crossplane + creates new revisions when there are changes to a Provider. + + + Crossplane creates and manages ProviderRevisions. Don't directly edit + ProviderRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ProviderRevisionSpec specifies configuration for a ProviderRevision. + properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + controllerConfigRef: + description: |- + ControllerConfigRef references a ControllerConfig resource that will be + used to configure the packaged controller Deployment. + Deprecated: Use RuntimeConfigReference instead. + properties: + name: + description: Name of the ControllerConfig. + type: string + required: + - name + type: object + desiredState: + description: DesiredState of the PackageRevision. Can be either Active + or Inactive. + type: string + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + image: + description: Package image used by install Pod to extract package + contents. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. It is also + applied to any images pulled for the package, such as a provider's + controller image. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be + used to fetch packages from private registries. They are also applied to + any images pulled for the package, such as a provider's controller image. 
+ items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revision: + description: |- + Revision number. Indicates when the revision will be garbage collected + based on the parent's RevisionHistoryLimit. + format: int64 + type: integer + runtimeConfigRef: + default: + name: default + description: |- + RuntimeConfigRef references a RuntimeConfig resource that will be used + to configure the package runtime. + properties: + apiVersion: + default: pkg.crossplane.io/v1beta1 + description: API version of the referent. + type: string + kind: + default: DeploymentRuntimeConfig + description: Kind of the referent. + type: string + name: + description: Name of the RuntimeConfig. + type: string + required: + - name + type: object + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + tlsClientSecretName: + description: |- + TLSClientSecretName is the name of the TLS Secret that stores client + certificates of the Provider. + type: string + tlsServerSecretName: + description: |- + TLSServerSecretName is the name of the TLS Secret that stores server + certificates of the Provider. + type: string + required: + - desiredState + - image + - revision + type: object + status: + description: PackageRevisionStatus represents the observed state of a + PackageRevision. + properties: + conditions: + description: Conditions of the resource. 
+ items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + foundDependencies: + description: Dependency information. + format: int64 + type: integer + installedDependencies: + format: int64 + type: integer + invalidDependencies: + format: int64 + type: integer + objectRefs: + description: References to objects owned by PackageRevision. + items: + description: |- + A TypedReference refers to an object by Name, Kind, and APIVersion. It is + commonly used to reference cluster-scoped objects or objects where the + namespace is already known. + properties: + apiVersion: + description: APIVersion of the referenced object. + type: string + kind: + description: Kind of the referenced object. 
+ type: string + name: + description: Name of the referenced object. + type: string + uid: + description: UID of the referenced object. + type: string + required: + - apiVersion + - kind + - name + type: object + type: array + permissionRequests: + description: |- + PermissionRequests made by this package. The package declares that its + controller needs these permissions to run. The RBAC manager is + responsible for granting them. + items: + description: |- + PolicyRule holds information that describes a policy rule, but does not contain information + about who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: |- + APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + items: + type: string + type: array + nonResourceURLs: + description: |- + NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path + Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names + that the rule applies to. An empty set means that everything + is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies + to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the + ResourceKinds contained in this rule. '*' represents all verbs. 
+ items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/pkg.crossplane.io_providers.yaml b/content/v1.16/api/crds/pkg.crossplane.io_providers.yaml new file mode 100644 index 000000000..717433f4f --- /dev/null +++ b/content/v1.16/api/crds/pkg.crossplane.io_providers.yaml 
@@ -0,0 +1,236 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: providers.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + categories: + - crossplane + - pkg + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Installed')].status + name: INSTALLED + type: string + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.package + name: PACKAGE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A Provider installs an OCI compatible Crossplane package, extending + Crossplane with support for new kinds of managed resources. + + + Read the Crossplane documentation for + [more information about Providers](https://docs.crossplane.io/latest/concepts/providers). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ProviderSpec specifies details about a request to install a provider to + Crossplane. 
+ properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + controllerConfigRef: + description: |- + ControllerConfigRef references a ControllerConfig resource that will be + used to configure the packaged controller Deployment. + Deprecated: Use RuntimeConfigReference instead. + properties: + name: + description: Name of the ControllerConfig. + type: string + required: + - name + type: object + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + package: + description: Package is the name of the package that is being requested. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be used + to fetch packages from private registries. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revisionActivationPolicy: + default: Automatic + description: |- + RevisionActivationPolicy specifies how the package controller should + update from one revision to the next. 
Options are Automatic or Manual. + Default is Automatic. + type: string + revisionHistoryLimit: + default: 1 + description: |- + RevisionHistoryLimit dictates how the package controller cleans up old + inactive package revisions. + Defaults to 1. Can be disabled by explicitly setting to 0. + format: int64 + type: integer + runtimeConfigRef: + default: + name: default + description: |- + RuntimeConfigRef references a RuntimeConfig resource that will be used + to configure the package runtime. + properties: + apiVersion: + default: pkg.crossplane.io/v1beta1 + description: API version of the referent. + type: string + kind: + default: DeploymentRuntimeConfig + description: Kind of the referent. + type: string + name: + description: Name of the RuntimeConfig. + type: string + required: + - name + type: object + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + required: + - package + type: object + status: + description: ProviderStatus represents the observed state of a Provider. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentIdentifier: + description: |- + CurrentIdentifier is the most recent package source that was used to + produce a revision. The package manager uses this field to determine + whether to check for package updates for a given source when + packagePullPolicy is set to IfNotPresent. Manually removing this field + will cause the package manager to check that the current revision is + correct for the given package source. + type: string + currentRevision: + description: |- + CurrentRevision is the name of the current package revision. It will + reflect the most up to date revision, whether it has been activated or + not. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/v1.16/api/crds/secrets.crossplane.io_storeconfigs.yaml b/content/v1.16/api/crds/secrets.crossplane.io_storeconfigs.yaml new file mode 100644 index 000000000..989d5fcb4 --- /dev/null +++ b/content/v1.16/api/crds/secrets.crossplane.io_storeconfigs.yaml 
@@ -0,0 +1,171 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: storeconfigs.secrets.crossplane.io +spec: + group: secrets.crossplane.io + names: + categories: + - crossplane + - store + kind: StoreConfig + listKind: StoreConfigList + plural: storeconfigs + singular: storeconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .spec.defaultScope + name: DEFAULT-SCOPE + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + A StoreConfig configures how Crossplane controllers should store connection + details in an external secret store. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: A StoreConfigSpec defines the desired state of a StoreConfig. + properties: + defaultScope: + description: |- + DefaultScope used for scoping secrets for "cluster-scoped" resources. + If store type is "Kubernetes", this would mean the default namespace to + store connection secrets for cluster scoped resources. + In case of "Vault", this would be used as the default parent path. 
+ Typically, should be set as Crossplane installation namespace. + type: string + kubernetes: + description: |- + Kubernetes configures a Kubernetes secret store. + If the "type" is "Kubernetes" but no config provided, in cluster config + will be used. + properties: + auth: + description: Credentials used to connect to the Kubernetes API. + properties: + env: + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. + properties: + name: + description: Name is the name of an environment variable. + type: string + required: + - name + type: object + fs: + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. + properties: + path: + description: Path is a filesystem path. + type: string + required: + - path + type: object + secretRef: + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + source: + description: Source of the credentials. + enum: + - None + - Secret + - Environment + - Filesystem + type: string + required: + - source + type: object + required: + - auth + type: object + plugin: + description: Plugin configures External secret store as a plugin. + properties: + configRef: + description: ConfigRef contains store config reference info. + properties: + apiVersion: + description: APIVersion of the referenced config. + type: string + kind: + description: Kind of the referenced config. + type: string + name: + description: Name of the referenced config. 
+ type: string + required: + - apiVersion + - kind + - name + type: object + endpoint: + description: Endpoint is the endpoint of the gRPC server. + type: string + type: object + type: + default: Kubernetes + description: |- + Type configures which secret store to be used. Only the configuration + block for this store will be used and others will be ignored if provided. + Default is Kubernetes. + enum: + - Kubernetes + - Vault + - Plugin + type: string + required: + - defaultScope + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/content/v1.16/cli/_index.md b/content/v1.16/cli/_index.md new file mode 100644 index 000000000..35d0e2b10 --- /dev/null +++ b/content/v1.16/cli/_index.md 
@@ -0,0 +1,64 @@ +--- +weight: 200 +title: CLI Reference +description: "Documentation for the Crossplane command-line interface" +--- + +The Crossplane CLI helps simplify some development and administration aspects of +Crossplane. + +The Crossplane CLI includes: +* tools to build, install, update and push Crossplane Packages +* standalone Composition Function testing and rendering without the need to access a Kubernetes cluster running Crossplane +* troubleshoot Crossplane Compositions, Composite Resources and Managed Resources + +## Installing the CLI + +The Crossplane CLI is a single standalone binary with no external dependencies. + +{{}} +Install the Crossplane CLI on a user's computer. + +Most Crossplane CLI commands are independent of Kubernetes and +don't require access to a Crossplane pod. +{{< /hint >}} + +To download the latest version for your CPU architecture with the Crossplane +install script. + +```shell +curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | sh +``` + +[The script](https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh) +detects your CPU architecture and downloads the latest stable release. + +{{}} + +If you don't want to run shell script you can manually download a binary from +the Crossplane releases repository at +https://releases.crossplane.io/stable/current/bin + +{{}} + +The CLI is named `crank` in the release repository. Download this file. + + +The `crossplane` binary is the Kubernetes Crossplane pod image. +{{< /hint >}} + +Move the binary to a location in your `$PATH`, for example `/usr/local/bin`. +{{< /expand >}} + +### Download other CLI versions + +Download different Crossplane CLI versions or different release branches with +the `XP_CHANNEL` and `XP_VERSION` environmental variables. + +By default the CLI installs from the `XP_CHANNEL` named `stable` and the +`XP_VERSION` of `current`, matching the most recent stable release. 
+ +For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the +download script curl command: + +`curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | XP_VERSION=v1.14.0 sh` \ No newline at end of file diff --git a/content/v1.16/cli/command-reference.md b/content/v1.16/cli/command-reference.md new file mode 100644 index 000000000..7979651f6 --- /dev/null +++ b/content/v1.16/cli/command-reference.md 
@@ -0,0 +1,1089 @@ +--- +weight: 50 +title: Command Reference +description: "Command reference for the Crossplane CLI" +--- + + + +The `crossplane` CLI provides utilities to make using Crossplane easier. + +Read the [Crossplane CLI overview]({{}}) page for information on +installing `crossplane`. + +## Global flags +The following flags are available for all commands. + +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +|------------|-------------|------------------------------| +| `-h` | `--help` | Show context sensitive help. | +| `-v` | `--version` | Print version and exit. | +| | `--verbose` | Print verbose output. | +{{< /table >}} + +## xpkg + +The `crossplane xpkg` commands create, install and update Crossplane +[packages]({{}}) as well as enable authentication +and publishing of Crossplane packages to a Crossplane package registry. + +### xpkg build + +Using `crossplane xpkg build` provides automation and simplification to build +Crossplane packages. + +The Crossplane CLI combines a directory of YAML files and packages them as +an [OCI container image](https://opencontainers.org/). + +The CLI applies the required annotations and values to meet the +[Crossplane XPKG specification](https://github.com/crossplane/crossplane/blob/master/contributing/specifications/xpkg.md). + +The `crossplane` CLI supports building +[configuration]({{< ref "../concepts/packages" >}}), +[function]({{}}) and +[provider]({{}}) package types. + + +#### Flags +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| | `--embed-runtime-image-name=NAME` | The image name and tag of an image to include in the package. Only for provider and function packages. | +| | `--embed-runtime-image-tarball=PATH` | The filename of an image to include in the package. Only for provider and function packages. 
| +| `-e` | `--examples-root="./examples"` | The path to a directory of examples related to the package. | +| | `--ignore=PATH,...` | List of files and directories to ignore. | +| `-o` | `--package-file=PATH` | Directory and filename of the created package. | +| `-f` | `--package-root="."` | Directory to search for YAML files. | +{{< /table >}} + +The `crossplane xpkg build` command recursively looks in the directory set by +`--package-root` and attempts to combine any files ending in `.yml` or `.yaml` +into a package. + +All YAML files must be valid Kubernetes manifests with `apiVersion`, `kind`, +`metadata` and `spec` fields. + +#### Ignore files + +Use `--ignore` to provide a list of files and directories to ignore. + +For example, +`crossplane xpkg build --ignore="./test/*,kind-config.yaml"` + +#### Set the package name + +`crossplane` automatically names the new package a combination of the +`metadata.name` and a hash of the package contents and saves the contents +in the same location as `--package-root`. Define a specific location and +filename with `--package-file` or `-o`. + +For example, +`crossplane xpkg build -o /home/crossplane/example.xpkg`. + + +#### Include examples + +Include YAML files demonstrating how to use the package with `--examples-root`. + +[Upbound Marketplace](https://marketplace.upbound.io/) uses files included with +`--examples-root` as documentation for published packages. + +#### Include a runtime image + +Functions and Providers require YAML files describing their dependencies and +settings as well as a container image for their runtime. + +Using `--embed-runtime-image-name` runs a specified image and +includes the image inside the function or provider package. + +{{}} +Images referenced with `--embed-runtime-image-name` must be in the local Docker +cache. + +Use `docker pull` to download a missing image. 
+{{< /hint >}} + +The `--embed-runtime-image-tarball` flag includes a local OCI image tarball +inside the function or provider package. + + +### xpkg install + +Download and install packages into Crossplane with `crossplane xpkg install`. + +By default the `crossplane xpkg install` command uses the Kubernetes +configuration defined in `~/.kube/config`. + +Define a custom Kubernetes configuration file location with the environmental +variable `KUBECONFIG`. + +Specify the package kind, package file and optionally a name to give the package +inside Crossplane. + +`crossplane xpkg install []` + +The `` is either a `configuration`, `function` or `provider`. + +For example, to install version 0.42.0 of the +[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.42.0): + +`crossplane xpkg install provider xpkg.upbound.io/upbound/provider-aws-s3:v0.42.0` + +#### Flags +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| | `--runtime-config=` | Install the package with a runtime configuration. | +| `-m` | `--manual-activation` | Set the `revisionActiviationPolicy` to `Manual`. | +| | `--package-pull-secrets=` | A comma-separated list of Kubernetes secrets to use for authenticating to the package registry. | +| `-r` | `--revision-history-limit=` | Set the `revisionHistoryLimit`. Defaults to `1`. | +| `-w` | `--wait=` | Number of seconds to wait for a package to install. | + +{{< /table >}} + +#### Wait for package install + +When installing a package the `crossplane xpkg install` command doesn't wait for +the package to download and install. View any download or installation problems +by inspecting the `configuration` with `kubectl describe configuration`. + +Use `--wait` to have the `crossplane xpkg install` command to wait for a +package to have the condition `HEALTHY` before continuing. 
The command +returns an error if the `wait` time expires before the package is `HEALTHY`. + +#### Require manual package activation + +Set the package to require +[manual activation]({{}}), +preventing an automatic upgrade of a package with `--manual-activation` + +#### Authenticate to a private registry + +To authenticate to a private package registry use `--package-pull-secrets` and +provide a list of Kubernetes Secret objects. + +{{}} +The secrets must be in the same namespace as the Crossplane pod. +{{< /hint >}} + +#### Customize the number of stored package versions + +By default Crossplane only stores a single inactive package in the local package +cache. + +Store more inactive copies of a package with `--revision-history-limit`. + +Read more about +[package revisions]({{< ref "../concepts/packages#configuration-revisions" >}}) +in the package documentation. + +### xpkg login + +Use `xpkg login` to authenticate to `xpkg.upbound.io`, the +[Upbound Marketplace](https://marketplace.upbound.io/) container registry. + +[Register with the Upbound Marketplace](https://accounts.upbound.io/register) +to push packages and create private repositories. + +#### Flags + +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| `-u` | `--username=` | Username to use for authentication. | +| `-p` | `--password=` | Password to use for authentication. | +| `-t` | `--token=` | User token string to use for authentication. | +| `-a` | `--account=` | Specify an Upbound organization during authentication. | +{{< /table >}} + + +#### Authentication options + +The `crossplane xpkg login` command can use a username and password or Upbound API token. + +By default, `crossplane xpkg login` without arguments, prompts for a username +and password. 
+ +Provide a username and password with the `--username` and `--password` flags or +set the environmental variable `UP_USER` for a username or `UP_PASSWORD` for the +password. + +Use an Upbound user token instead of a username and password with `--token` or +the `UP_TOKEN` environmental variable. + +{{< hint "important" >}} +The `--token` or `UP_TOKEN` environmental variables take precedence over a +username and password. +{{< /hint >}} + +Using `-` as the input for `--password` or `--token` reads the input from stdin. +For example, `crossplane xpkg login --password -`. + +After logging in the Crossplane CLI creates a `profile` in +`.crossplane/config.json` to cache unprivileged account information. + +{{}} +The `session` field of `config.json` file is a session cookie identifier. + +The `session` value isn't used for authentication. This isn't a `token`. +{{< /hint >}} + +#### Authenticate with a registered Upbound organization + +Authenticate to a registered organization in the Upbound Marketplace with the +`--account` option, along with the username and password or token. + +For example, +`crossplane xpkg login --account=Upbound --username=my-user --password -`. + +### xpkg logout + +Use `crossplane xpkg logout` to invalidate the current `crossplane xpkg login` +session. + +{{< hint "note" >}} +Using `crossplane xpkg logout` removes the `session` from the +`~/.crossplane/config.json` file, but doesn't delete the configuration file. +{{< /hint >}} + +### xpkg push + +Push a Crossplane package file to a package registry. + +The Crossplane CLI pushes images to the +[Upbound Marketplace](https://marketplace.upbound.io/) at `xpkg.upbound.io` by +default. + +{{< hint "note" >}} +Pushing a package may require authentication with +[`crossplane xpkg login`](#xpkg-login) +{{< /hint >}} + +Specify the organization, package name and tag with +`crossplane xpkg push ` + +By default the command looks in the current directory for a single `.xpkg` file +to push. 
+ +To push multiple files or to specify a specific `.xpkg` file use the `-f` flag. + +For example, to push a local package named `my-package` to +`crossplane-docs/my-package:v0.14.0` use: + +`crossplane xpkg push -f my-package.xpkg crossplane-docs/my-package:v0.14.0` + +To push to another package registry, like [DockerHub](https://hub.docker.com/) +provide the full URL along with the package name. + +For example, to push a local package named `my-package` to +DockerHub organization `crossplane-docs/my-package:v0.14.0` use: +`crossplane xpkg push -f my-package.xpkg index.docker.io/crossplane-docs/my-package:v0.14.0`. + + +#### Flags + +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| `-f` | `--package-files=PATH` | A comma-separated list of xpkg files to push. | +{{< /table >}} + +### xpkg update + +The `crossplane xpkg update` command downloads and updates an existing package. + +By default the `crossplane xpkg update` command uses the Kubernetes +configuration defined in `~/.kube/config`. + +Define a custom Kubernetes configuration file location with the environmental +variable `KUBECONFIG`. + +Specify the package kind, package file and optionally the name of the package +already installed in Crossplane. + +`crossplane xpkg update []` + +The package file must be an organization, image and tag on the `xpkg.upbound.io` +registry on [Upbound Marketplace](https://marketplace.upbound.io/). + +For example, to update to version 0.42.0 of the +[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.42.0): + +`crossplane xpkg update provider xpkg.upbound.io/upbound/provider-aws-s3:v0.42.0` + + +## beta + +Crossplane `beta` commands are experimental. These commands may change the +flags, options or outputs in future releases. + +Crossplane maintainers may promote or remove commands under `beta` in future +releases. 
+ + +### beta convert + +As Crossplane evolves, its APIs and resources may change. To help with the +migration to the new APIs and resources, the `crossplane beta convert` command +converts a Crossplane resource to a new version or kind. + +Use the `crossplane beta convert` command to convert an existing +[ControllerConfig]({{}}) +to a [DeploymentRuntimeConfig]({{}}) +or a Composition using [patch and transforms]({{}}) +to a +[Composition pipeline function]({{< ref "../concepts/compositions#use-composition-functions" >}}). + +Provide the `crossplane beta convert` command the conversion type, the input +file and optionally, an output file. By default the command writes the output to +standard out. + +For example, to convert a ControllerConfig to a DeploymentRuntimeConfig use +`crossplane beta convert deployment-runtime`. For example, + +`crossplane beta convert deployment-runtime controllerConfig.yaml -o deploymentConfig.yaml` + +To convert a Composition using patch and transforms to a pipeline function, use +`crossplane beta convert pipeline-composition`. + +Optionally, use the `-f` flag to provide the name of the function. +By default the function name is "function-patch-and-transform." + +`crossplane beta convert pipeline-composition oldComposition.yaml -o newComposition.yaml -f patchFunctionName` + + +#### Flags +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +| ------------ | --------------- | ------------------------------ | +| `-o` | `--output-file` | The output YAML file to write. Outputs to stdout by default. | +| `-f` | `--function-name` | The name of the new function. Defaults to `function-patch-and-transform`. | + +{{< /table >}} + + +### beta render + +The `crossplane beta render` command previews the output of a +[composite resource]({{}}) after applying +any [composition functions]({{}}). 
+ +{{< hint "important" >}} +The `crossplane beta render` command doesn't apply +[patch and transform composition patches]({{}}). + +The command only supports function "patch and transforms." +{{< /hint >}} + +The `crossplane beta render` command connects to the locally running Docker +Engine to pull and run composition functions. + +{{}} +Running `crossplane beta render` requires [Docker](https://www.docker.com/). +{{< /hint >}} + +Provide a composite resource, composition and composition function YAML +definition with the command to render the output locally. + +For example, +`crossplane beta render xr.yaml composition.yaml function.yaml` + +The output includes the original composite resource followed by the generated +managed resources. + +{{}} +```yaml +--- +apiVersion: nopexample.org/v1 +kind: XBucket +metadata: + name: test-xrender +status: + bucketRegion: us-east-2 +--- +apiVersion: s3.aws.upbound.io/v1beta1 +kind: Bucket +metadata: + annotations: + crossplane.io/composition-resource-name: my-bucket + generateName: test-xrender- + labels: + crossplane.io/composite: test-xrender + ownerReferences: + - apiVersion: nopexample.org/v1 + blockOwnerDeletion: true + controller: true + kind: XBucket + name: test-xrender + uid: "" +spec: + forProvider: + region: us-east-2 +``` +{{< /expand >}} + +#### Flags + +{{< table "table table-sm table-striped">}} +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| | `--context-files==,=` | A comma separated list of files to load for function "contexts." | +| | `--context-values==,=` | A comma separated list of key-value pairs to load for function "contexts." | +| `-r` | `--include-function-results` | Include the "results" or events from the function. | +| `-o` | `--observed-resources=` | +Provide artificial managed resource data to the function. 
+| +| `-x` | `--include-full-xr` | Include a copy of the input Composite Resource spec and metadata fields in the rendered output. | +| | `--timeout=` | Amount of time to wait for a function to finish. | +{{< /table >}} + +The `crossplane beta render` command relies on standard +[Docker environmental variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables) +to connect to the local Docker engine and run composition functions. + + +#### Provide function context + +The `--context-files` and `--context-values` flags can provide data +to a function's `context`. +The context is JSON formatted data. + +#### Include function results + +If a function produces Kubernetes events with statuses use the +`--include-function-results` to print them along with the managed resource +outputs. + +#### Include the composite resource + +Composition functions can only change the `status` field of a composite +resource. By default, the `crossplane beta render` command only prints the +`status` field with `metadata.name`. + +Use `--include-full-xr` to print the full composite resource, +including the `spec` and `metadata` fields. + +#### Mock managed resources + +Provide mocked, or artificial data representing a managed resource with +`--observed-resources`. The `crossplane beta render` command treats the +provided inputs as if they were resources in a Crossplane cluster. + +A function can reference and manipulate the included resource as part of +running the function. + +The `observed-resources` may be a single YAML file with multiple resources or a +directory of YAML files representing multiple resources. + +Inside the YAML file include an +{{}}apiVersion{{}}, +{{}}kind{{}}, +{{}}metadata{{}} and +{{}}spec{{}}. + +```yaml {label="apiVersion"} +apiVersion: example.org/v1alpha1 +kind: ComposedResource +metadata: + name: test-render-b + annotations: + crossplane.io/composition-resource-name: resource-b +spec: + coolerField: "I'm cooler!" 
+``` + +The schema of the resource isn't validated and may contain any data. + +### beta top + +The command `crossplane beta top` shows CPU and memory usage of Crossplane +related pods. + +```shell +crossplane beta top +TYPE NAMESPACE NAME CPU(cores) MEMORY +crossplane default crossplane-f98f9ddfd-tnm46 4m 32Mi +crossplane default crossplane-rbac-manager-74ff459b88-94p8p 4m 14Mi +provider default provider-aws-s3-1f1a3fb08cbc-5c49d84447-sggrq 3m 108Mi +provider default upbound-provider-family-aws-48b3b5ccf964-76c9686b6-bgg65 2m 89Mi +``` + +{{}} +Using `crossplane beta top` requires the Kubernetes +[metrics server](https://github.com/kubernetes-sigs/metrics-server) enabled on +the cluster running Crossplane before using `crossplane beta top`. + +Follow the installation instructions on the +[metrics-server GitHub page](https://github.com/kubernetes-sigs/metrics-server#installation). +{{< /hint >}} + + + +#### Flags +{{< table "table table-sm table-striped">}} + + +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| `-n` | `--namespace` | The namespace where the Crossplane pod runs. Default is `crossplane-system`. | +| `-s` | `--summary` | Print a summary of all Crossplane pods along with the output. | +| | `--verbose` | Print verbose logging information with the output. | + +{{< /table >}} + +The Kubernetes metrics server may take some time to collect data for the +`crossplane beta top` command. Before the metrics server is ready, +running the `top` command may produce an error, for example, + +`crossplane: error: error adding metrics to pod, check if metrics-server is running or wait until metrics are available for the pod: the server is currently unable to handle the request (get pods.metrics.k8s.io crossplane-contrib-provider-helm-b4cc4c2c8db3-6d787f9686-qzmz2)` + + +### beta trace + +Use the `crossplane beta trace` command to display a visual relationship of +Crossplane objects. 
The `trace` command supports claims, compositions, +functions, managed resources or packages. + +The command requires a resource type and a resource name. + +`crossplane beta trace ` + +For example to view a resource named `my-claim` of type `example.crossplane.io`: +`crossplane beta trace example.crossplane.io my-claim` + +The command also accepts Kubernetes CLI style `/` input. +For example, +`crossplane beta trace example.crossplane.io/my-claim` + +By default the `crossplane beta trace` command uses the Kubernetes +configuration defined in `~/.kube/config`. + +Define a custom Kubernetes configuration file location with the environmental +variable `KUBECONFIG`. + +#### Flags +{{< table "table table-sm table-striped">}} + + +| Short flag | Long flag | Description | +| ------------ | ------------- | ------------------------------ | +| `-n` | `--namespace` | The namespace of the resource. | +| `-o` | `--output=` | Change the graph output with `wide`, `json`, or `dot` for a [Graphviz dot](https://graphviz.org/docs/layouts/dot/) output. | +| | `--show-connection-secrets` | Print any connection secret names. Doesn't print the secret values. | +| | `--show-package-dependencies ` | Show package dependencies. Options are `all` to show every dependency, `unique` to only print a package once or `none` to not print any dependencies. By default the `trace` command uses `--show-package-dependencies unique`. | +| | `--show-package-revisions ` | Print package revision versions. Options are `active`, showing only the active revisions, `all` showing all revisions or `none` to print not print any revisions. | +| | `--show-package-runtime-configs` | Print DeploymentRuntimeConfig dependencies. | + +{{< /table >}} + +#### Output options + +By default `crossplane beta trace` prints directly to the terminal, limiting the +"Ready" condition and "Status" messages to 64 characters. 
+ +The following an example output a "cluster" claim from the AWS reference +platform, which includes multiple Compositions and composed resources: + +```shell {copy-lines="1"} +crossplane beta trace cluster.aws.platformref.upbound.io platform-ref-aws +NAME VERSION INSTALLED HEALTHY STATE STATUS +Configuration/platform-ref-aws v0.9.0 True True - HealthyPackageRevision +β”œβ”€ ConfigurationRevision/platform-ref-aws-9ad7b5db2899 v0.9.0 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-network v0.7.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-network-97be9100cfe1 v0.7.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-ec2 v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-ec2-cfeb0cd0f1d2 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-database v0.5.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-database-3112f0a765c5 v0.5.0 - True Active HealthyPackageRevision +β”‚ └─ Provider/upbound-provider-aws-rds v0.47.0 True True - HealthyPackageRevision +β”‚ └─ ProviderRevision/upbound-provider-aws-rds-58f96aa9fc4b v0.47.0 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-eks v0.5.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-eks-83c9d65f4a47 v0.5.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ 
Provider/crossplane-contrib-provider-helm v0.16.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/crossplane-contrib-provider-helm-b4cc4c2c8db3 v0.16.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/crossplane-contrib-provider-kubernetes v0.10.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/crossplane-contrib-provider-kubernetes-63506a3443e0 v0.10.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-eks v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-aws-eks-641a096d79d8 v0.47.0 - True Active HealthyPackageRevision +β”‚ └─ Provider/upbound-provider-aws-iam v0.47.0 True True - HealthyPackageRevision +β”‚ └─ ProviderRevision/upbound-provider-aws-iam-438eac423037 v0.47.0 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-app v0.2.0 True True - HealthyPackageRevision +β”‚ └─ ConfigurationRevision/upbound-configuration-app-5d95726dba8c v0.2.0 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-observability-oss v0.2.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-observability-oss-a51529457ad7 v0.2.0 - True Active HealthyPackageRevision +β”‚ └─ Provider/grafana-provider-grafana v0.8.0 True True - HealthyPackageRevision +β”‚ └─ ProviderRevision/grafana-provider-grafana-ac529c8ce1c6 v0.8.0 - True Active HealthyPackageRevision +└─ Configuration/upbound-configuration-gitops-flux v0.2.0 True True - HealthyPackageRevision + └─ ConfigurationRevision/upbound-configuration-gitops-flux-2e80ec62738d v0.2.0 - True Active HealthyPackageRevision +``` + +#### Wide outputs +Print the entire "Ready" or "Status" message if they're longer than +64 characters with `--output=wide`. + +For example, the output truncates the "Status" message that's too long. 
+ +```shell {copy-lines="1" +crossplane trace cluster.aws.platformref.upbound.io platform-ref-aws +NAME SYNCED READY STATUS +Cluster/platform-ref-aws (default) True False Waiting: ...resource claim is waiting for composite resource to become Ready +``` + +Use `--output=wide` to see the full message. + +```shell {copy-lines="1" +crossplane trace cluster.aws.platformref.upbound.io platform-ref-aws --output=wide +NAME SYNCED READY STATUS +Cluster/platform-ref-aws (default) True False Waiting: Composite resource claim is waiting for composite resource to become Ready +``` + +#### Graphviz dot file output + +Use the `--output=dot` to print out a textual +[Graphviz dot](https://graphviz.org/docs/layouts/dot/) output. + +Save the output and export it or the output directly to Graphviz `dot` to +render an image. + +For example, to save the output as a `graph.png` file use +`dot -Tpng -o graph.png`. + +`crossplane beta trace cluster.aws.platformref.upbound.io platform-ref-aws -o dot | dot -Tpng -o graph.png` + +#### Print connection secrets + +Use `-s` to print any connection secret names along with the other resources. + +{{}} +The `crossplane beta trace` command doesn't print secret values. +{{< /hint >}} + +The output includes both the secret name along with the secret's namespace. 
+ +```shell +crossplane beta trace configuration platform-ref-aws -s +NAME SYNCED READY STATUS +Cluster/platform-ref-aws (default) True True Available +└─ XCluster/platform-ref-aws-mlnwb True True Available + β”œβ”€ XNetwork/platform-ref-aws-mlnwb-6nvkx True True Available + β”‚ β”œβ”€ SecurityGroupRule/platform-ref-aws-mlnwb-szgxp True True Available + β”‚ └─ Secret/3f11c30b-dd94-4f5b-aff7-10fe4318ab1f (upbound-system) - - + β”œβ”€ XEKS/platform-ref-aws-mlnwb-fqjzz True True Available + β”‚ β”œβ”€ OpenIDConnectProvider/platform-ref-aws-mlnwb-h26xx True True Available + β”‚ └─ Secret/9666eccd-929c-4452-8658-c8c881aee137-eks (upbound-system) - - + β”œβ”€ XServices/platform-ref-aws-mlnwb-bgndx True True Available + β”‚ β”œβ”€ Release/platform-ref-aws-mlnwb-7hfkv True True Available + β”‚ └─ Secret/d0955929-892d-40c3-b0e0-a8cabda55895 (upbound-system) - - + └─ Secret/9666eccd-929c-4452-8658-c8c881aee137 (upbound-system) - - +``` + +#### Print package dependencies + +Use the `--show-package-dependencies` flag to include more information about +package dependencies. + +By default `crossplane beta trace` uses `--show-package-dependencies unique` to +include a required package only once in the output. + +Use `--show-package-dependencies all` to see every package requiring the same +dependency. 
+ +```shell +crossplane beta trace configuration platform-ref-aws --show-package-dependencies all +NAME VERSION INSTALLED HEALTHY STATE STATUS +Configuration/platform-ref-aws v0.9.0 True True - HealthyPackageRevision +β”œβ”€ ConfigurationRevision/platform-ref-aws-9ad7b5db2899 v0.9.0 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-network v0.7.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-network-97be9100cfe1 v0.7.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-ec2 v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-ec2-cfeb0cd0f1d2 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-database v0.5.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-database-3112f0a765c5 v0.5.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-rds v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-rds-58f96aa9fc4b v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ └─ Configuration/upbound-configuration-aws-network v0.7.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-network-97be9100cfe1 v0.7.0 - True 
Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-ec2 v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-ec2-cfeb0cd0f1d2 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-eks v0.5.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-eks-83c9d65f4a47 v0.5.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Configuration/upbound-configuration-aws-network v0.7.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-network-97be9100cfe1 v0.7.0 - True Active HealthyPackageRevision +β”‚ β”‚ β”œβ”€ Provider/upbound-provider-aws-ec2 v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-ec2-cfeb0cd0f1d2 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/crossplane-contrib-provider-helm v0.16.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/crossplane-contrib-provider-helm-b4cc4c2c8db3 v0.16.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ 
Provider/crossplane-contrib-provider-kubernetes v0.10.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/crossplane-contrib-provider-kubernetes-63506a3443e0 v0.10.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-ec2 v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-ec2-cfeb0cd0f1d2 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-eks v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-eks-641a096d79d8 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/upbound-provider-aws-iam v0.47.0 True True - HealthyPackageRevision +β”‚ β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-iam-438eac423037 v0.47.0 - True Active HealthyPackageRevision +β”‚ β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-app v0.2.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-app-5d95726dba8c v0.2.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/crossplane-contrib-provider-helm v0.16.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ 
ProviderRevision/crossplane-contrib-provider-helm-b4cc4c2c8db3 v0.16.0 - True Active HealthyPackageRevision +β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-observability-oss v0.2.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-observability-oss-a51529457ad7 v0.2.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/crossplane-contrib-provider-helm v0.16.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/crossplane-contrib-provider-helm-b4cc4c2c8db3 v0.16.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/crossplane-contrib-provider-kubernetes v0.10.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/crossplane-contrib-provider-kubernetes-63506a3443e0 v0.10.0 - True Active HealthyPackageRevision +β”‚ β”œβ”€ Provider/grafana-provider-grafana v0.8.0 True True - HealthyPackageRevision +β”‚ β”‚ └─ ProviderRevision/grafana-provider-grafana-ac529c8ce1c6 v0.8.0 - True Active HealthyPackageRevision +β”‚ └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision +β”‚ └─ FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +└─ Configuration/upbound-configuration-gitops-flux v0.2.0 True True - HealthyPackageRevision + β”œβ”€ ConfigurationRevision/upbound-configuration-gitops-flux-2e80ec62738d v0.2.0 - True Active HealthyPackageRevision + β”œβ”€ Provider/crossplane-contrib-provider-helm v0.16.0 True True - HealthyPackageRevision + β”‚ └─ ProviderRevision/crossplane-contrib-provider-helm-b4cc4c2c8db3 v0.16.0 - True Active HealthyPackageRevision + └─ Function/upbound-function-patch-and-transform v0.2.1 True True - HealthyPackageRevision + └─ 
FunctionRevision/upbound-function-patch-and-transform-a2f88f8d8715 v0.2.1 - True Active HealthyPackageRevision +``` + +Use `--show-package-dependencies none` to hide all dependencies. + +```shell +crossplane beta trace configuration platform-ref-aws --show-package-dependencies none +NAME VERSION INSTALLED HEALTHY STATE STATUS +Configuration/platform-ref-aws v0.9.0 True True - HealthyPackageRevision +└─ ConfigurationRevision/platform-ref-aws-9ad7b5db2899 v0.9.0 - True Active HealthyPackageRevision +``` + +#### Print package revisions + +By default the `crossplane beta trace` command only shows the package revisions +actively in use. To view both active and inactive revisions use +`--show-package-revisions all`. + +```shell +crossplane beta trace configuration platform-ref-aws --show-package-revisions all +NAME VERSION INSTALLED HEALTHY STATE STATUS +Configuration/platform-ref-aws v0.9.0 True True - HealthyPackageRevision +β”œβ”€ ConfigurationRevision/platform-ref-aws-ad01153c1179 v0.8.0 - True Inactive HealthyPackageRevision +β”œβ”€ ConfigurationRevision/platform-ref-aws-9ad7b5db2899 v0.9.0 - True Active HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-network v0.2.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ConfigurationRevision/upbound-configuration-aws-network-288fcd1b88dd v0.2.0 - True Active HealthyPackageRevision +β”‚ └─ Provider/upbound-provider-aws-ec2 v1.0.0 True True - HealthyPackageRevision +β”‚ β”œβ”€ ProviderRevision/upbound-provider-aws-ec2-5cfd948d082f v1.0.0 - True Active HealthyPackageRevision +β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +β”‚ └─ ProviderRevision/upbound-provider-family-aws-48b3b5ccf964 v1.0.0 - True Active HealthyPackageRevision +# Removed for brevity +``` + +To hide all revisions use `--show-package-revision none`. 
+ +```shell +crossplane beta trace configuration platform-ref-aws --show-package-revisions none +NAME VERSION INSTALLED HEALTHY STATE STATUS +Configuration/platform-ref-aws v0.9.0 True True - HealthyPackageRevision +β”œβ”€ Configuration/upbound-configuration-aws-network v0.2.0 True True - HealthyPackageRevision +β”‚ └─ Provider/upbound-provider-aws-ec2 v1.0.0 True True - HealthyPackageRevision +β”‚ └─ Provider/upbound-provider-family-aws v1.0.0 True True - HealthyPackageRevision +# Removed for brevity +``` + +### beta validate + +The `crossplane beta validate` command validates +[compositions]({{}}) against provider or XRD +schemas using the Kubernetes API server's validation library. + +The `crossplane beta validate` command supports validating the following +scenarios: + +- Validate a managed resource or composite resource + [against a Provider or XRD schema](#validate-resources-against-a-schema). +- Use the output of `crossplane beta render` as [validation input](#validate-render-command-output). +- Validate an [XRD against Kubernetes Common Expression Language](#validate-common-expression-language-rules) + (CEL) rules. +- Validate resources against a [directory of schemas](#validate-against-a-directory-of-schemas). + + +{{< hint "note" >}} +The `crossplane beta validate` command performs all validation offline. + +A Kubernetes cluster running Crossplane isn't required. +{{< /hint >}} + +#### Flags + +{{< table "table table-sm table-striped" >}} +| Short flag | Long flag | Description | +| ------------ | ------------------------ | ----------------------------------------------------- | +| `-h` | `--help` | Show context sensitive help. | +| `-v` | `--version` | Print version and quit. | +| | `--cache-dir=".crossplane/cache"` | Specify the absolute path to the cache directory to store downloaded schemas. | +| | `--clean-cache` | Clean the cache directory before downloading package schemas. | +| | `--skip-success-results` | Skip printing success results. 
| +| | `--verbose` | Print verbose logging statements. | +{{< /table >}} + +#### Validate resources against a schema + +The `crossplane beta validate` command can validate an XR and one or more +managed resources against a provider's schema. + +{{}} +When validating against a provider the `crossplane beta validate` command +downloads the provider package to the `--cache-dir` directory. By default +Crossplane uses `.crossplane` as the `--cache-dir` location. + +Access to a Kubernetes cluster or Crossplane pod isn't required. +Validation requires the ability to download the provider package. +{{< /hint >}} + +The `crossplane beta validate` command downloads and caches the schema CRD files +in the `--cache-dir` directory. By default the Crossplane CLI uses +`.crossplane/cache` as the cache location. + +To clear the cache and download the CRD files again use the `--clean-cache` flag. + +To validate a managed resource against a provider, +first, create a provider manifest file. For example, to validate an IAM role +from Provider AWS, use the +[Provider AWS IAM](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.0.0) +manifest. + +{{}} +To validate a +"[family provider](https://blog.upbound.io/new-provider-families)" use the +provider manifests of the resources to validate. +{{< /hint >}} + +```yaml +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + name: provider-aws-iam +spec: + package: xpkg.upbound.io/upbound/provider-aws-iam:v1.0.0 +``` + +Now include the XR or managed resource to validate. + +For example, to validate an +{{}}AccessKey{{}} managed resource, +provide a managed resource YAML file. + +```yaml {label="iamAK"} +apiVersion: iam.aws.upbound.io/v1beta1 +kind: AccessKey +metadata: + name: sample-access-key-0 +spec: + forProvider: + userSelector: + matchLabels: + example-name: test-user-0 +``` + +Run the `crossplane beta validate` command providing the provider and managed +resource YAML files as input. 
+ +```shell +crossplane beta validate provider.yaml managedResource.yaml +[βœ“] iam.aws.upbound.io/v1beta1, Kind=AccessKey, sample-access-key-0 validated successfully +Total 1 resources: 0 missing schemas, 1 success case, 0 failure cases +``` + + +#### Validate render command output + +You can pipe the output of `crossplane beta render` into +`crossplane beta validate` to validate complete Crossplane resource pipelines, +including XRs, compositions and composition functions. + +Use the `--include-full-xr` command with `crossplane beta render` and the `-` +option with `crossplane beta validate` to pipe the output from +`crossplane beta render` to the input of `crossplane beta validate`. + +```shell {copy-lines="1"} +crossplane beta render xr.yaml composition.yaml function.yaml --include-full-xr | crossplane beta validate schemas.yaml - +[x] schema validation error example.crossplane.io/v1beta1, Kind=XR, example : status.conditions[0].lastTransitionTime: Invalid value: "null": status.conditions[0].lastTransitionTime in body must be of type string: "null" +[x] schema validation error example.crossplane.io/v1beta1, Kind=XR, example : spec: Required value +[βœ“] iam.aws.upbound.io/v1beta1, Kind=AccessKey, sample-access-key-0 validated successfully +[βœ“] iam.aws.upbound.io/v1beta1, Kind=AccessKey, sample-access-key-1 validated successfully +[βœ“] iam.aws.upbound.io/v1beta1, Kind=User, test-user-0 validated successfully +[βœ“] iam.aws.upbound.io/v1beta1, Kind=User, test-user-1 validated successfully +Total 5 resources: 0 missing schemas, 4 success cases, 1 failure cases +``` + + +#### Validate Common Expression Language rules +XRDs can define [validation rules](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) expressed in the Common Expression Language +([CEL](https://kubernetes.io/docs/reference/using-api/cel/)). 
+ + +Apply a CEL rule with the +{{}}x-kubernetes-validations{{}} key +inside the schema {{}}spec{{}} object of an XRD. + +```yaml {label="celXRD"} +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: myXR.crossplane.io +spec: +# Removed for brevity + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-validations: + - rule: "self.minReplicas <= self.replicas && self.replicas <= self.maxReplicas" + message: "replicas should be in between minReplicas and maxReplicas." + properties: + minReplicas: + type: integer + maxReplicas: + type: integer + replicas: + type: integer +# Removed for brevity +``` + +The rule in this example checks that the vale of the +{{}}replicas{{}} field of an XR is between +the {{}}minReplicas{{}} and +{{}}maxReplicas{{}} values. + +```yaml {label="celXR"} +apiVersion: example.crossplane.io/v1beta1 +kind: XR +metadata: + name: example +spec: + replicas: 49 + minReplicas: 1 + maxReplicas: 30 +``` + +Running `crossplane beta validate` with the example XRD and XR produces an +error. + +```shell +`crossplane beta validate xrd.yaml xr.yaml +[x] CEL validation error example.crossplane.io/v1beta1, Kind=XR, example : spec: Invalid value: "object": replicas should be in between minReplicas and maxReplicas. +Total 1 resources: 0 missing schemas, 0 success cases, 1 failure cases +``` + + +#### Validate against a directory of schemas + +The `crossplane beta render` command can validate a directory of YAML files. + +The command only processes `.yaml` and `.yml` files, while ignoring all other +file types. + +With a directory of files, provide the directory and resource to validate. + +For example, using a directory named +{{}}schemas{{}} containing the XRD +and Provider schemas. 
+ +```shell {label="validateDir"} +tree +schemas +|-- platform-ref-aws.yaml +|-- providers +| |-- a.txt +| `-- provider-aws-iam.yaml +`-- xrds + `-- xrd.yaml +``` + +Provide the directory name and a resource YAML file to the +`crossplane beta validate` command. + +```shell +crossplane beta validate schema resources.yaml +[x] schema validation error example.crossplane.io/v1beta1, Kind=XR, example : status.conditions[0].lastTransitionTime: Invalid value: "null": status.conditions[0].lastTransitionTime in body must be of type string: "null" +[x] CEL validation error example.crossplane.io/v1beta1, Kind=XR, example : spec: Invalid value: "object": no such key: minReplicas evaluating rule: replicas should be greater than or equal to minReplicas. +[βœ“] iam.aws.upbound.io/v1beta1, Kind=AccessKey, sample-access-key-0 validated successfully +[βœ“] iam.aws.upbound.io/v1beta1, Kind=AccessKey, sample-access-key-1 validated successfully +[βœ“] iam.aws.upbound.io/v1beta1, Kind=User, test-user-0 validated successfully +[βœ“] iam.aws.upbound.io/v1beta1, Kind=User, test-user-1 validated successfully +Total 5 resources: 0 missing schemas, 4 success cases, 1 failure cases +``` + +### beta xpkg init + +The `crossplane beta xpkg init` command populates the current directory with +files to build a package. + +Provide a name to use for the package and the package template to start from +with the command +`crossplane beta xpkg init
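Review bot: Several commands in the added `beta trace` and `beta validate` sections contradict the text or output around them and would fail or mislead when copied. In "Print package revisions" the prose gives `--show-package-revision none` while the example below it uses `--show-package-revisions none`. In "Validate against a directory of schemas" the opening sentence names `crossplane beta render` where `crossplane beta validate` is meant, and the tree shows a directory called `schemas` while the command passes `schema`. The CEL example has a stray backtick in front of `crossplane beta validate xrd.yaml xr.yaml`. The first two trace examples call `crossplane trace` without `beta`, unlike every later example, and their fences read `{copy-lines="1"` with no closing brace. The `-s` example runs `trace configuration platform-ref-aws` but shows Cluster/XCluster output in the SYNCED/READY columns rather than package output, so the command should probably trace the claim instead. The default cache location is stated as `.crossplane` in the hint and as `.crossplane/cache` in the flags table and the paragraph after the hint; please settle on one, since it tells readers where downloaded provider packages land. Smaller wording points: "vale" should be "value", `--include-full-xr` is a flag rather than a command, and "export it or the output directly to Graphviz" looks like it lost the word "pipe".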