diff --git a/apis/ui/v1alpha1/dbgate_types.go b/apis/ui/v1alpha1/dbgate_types.go
new file mode 100644
index 00000000..68196faf
--- /dev/null
+++ b/apis/ui/v1alpha1/dbgate_types.go
@@ -0,0 +1,82 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindDbgate = "Dbgate"
+ ResourceDbgate = "dbgate"
+ ResourceDbgates = "dbgates"
+)
+
+// Dbgate defines the schama for Dbgate operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+type Dbgate struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec DbgateSpec `json:"spec,omitempty"`
+}
+
+type DbgateSpec struct {
+ ReplicaCount int `json:"replicaCount"`
+ Image ImageRef `json:"image"`
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ NameOverride string `json:"nameOverride"`
+ FullnameOverride string `json:"fullnameOverride"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ SecurityContext *core.SecurityContext `json:"securityContext"`
+ Service ServiceSpec `json:"service"`
+ Resources core.ResourceRequirements `json:"resources"`
+ NodeSelector map[string]string `json:"nodeSelector"`
+ Tolerations []core.Toleration `json:"tolerations"`
+ Affinity *core.Affinity `json:"affinity"`
+ Namespace CreateFlag `json:"namespace"`
+ Gateway GatewaySpec `json:"gateway"`
+ Keda KedaSpec `json:"keda"`
+ TargetPendingRequests int `json:"targetPendingRequests"`
+ Autoscaling Autoscaling `json:"autoscaling"`
+ App DBRef `json:"app"`
+ Bind ObjectRef `json:"bind"`
+ Authzproxy AuthzproxySpec `json:"authzproxy"`
+}
+
+type DBRef struct {
+ AppRef `json:",inline"`
+ Kind string `json:"kind"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// DbgateList is a list of Dbgates
+type DbgateList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of Dbgate CRD objects
+ Items []Dbgate `json:"items,omitempty"`
+}
diff --git a/apis/ui/v1alpha1/mongo_ui_types.go b/apis/ui/v1alpha1/mongo_ui_types.go
new file mode 100644
index 00000000..beeee74c
--- /dev/null
+++ b/apis/ui/v1alpha1/mongo_ui_types.go
@@ -0,0 +1,88 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindMongoUi = "MongoUi"
+ ResourceMongoUi = "mongoui"
+ ResourceMongoUis = "mongouis"
+)
+
+// MongoUi defines the schama for MongoUi operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+type MongoUi struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec MongoUiSpec `json:"spec,omitempty"`
+}
+
+type MongoUiSpec struct {
+ ReplicaCount int `json:"replicaCount"`
+ Image ImageRef `json:"image"`
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ NameOverride string `json:"nameOverride"`
+ FullnameOverride string `json:"fullnameOverride"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ SecurityContext *core.SecurityContext `json:"securityContext"`
+ Service ServiceSpec `json:"service"`
+ Resources core.ResourceRequirements `json:"resources"`
+ NodeSelector map[string]string `json:"nodeSelector"`
+ Tolerations []core.Toleration `json:"tolerations"`
+ Affinity *core.Affinity `json:"affinity"`
+ Namespace CreateFlag `json:"namespace"`
+ Gateway GatewaySpec `json:"gateway"`
+ Keda KedaSpec `json:"keda"`
+ TargetPendingRequests int `json:"targetPendingRequests"`
+ Autoscaling Autoscaling `json:"autoscaling"`
+ App MongoRef `json:"app"`
+ TLS MongoUiTLS `json:"tls"`
+ Bind ObjectRef `json:"bind"`
+ Authzproxy AuthzproxySpec `json:"authzproxy"`
+}
+
+type MongoRef struct {
+ AppRef `json:",inline"`
+ Url string `json:"url"`
+}
+
+type MongoUiTLS struct {
+ Enabled bool `json:"enabled"`
+ SecretName string `json:"secretName"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// MongoUiList is a list of MongoUis
+type MongoUiList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of MongoUi CRD objects
+ Items []MongoUi `json:"items,omitempty"`
+}
diff --git a/apis/ui/v1alpha1/pgadmin_types.go b/apis/ui/v1alpha1/pgadmin_types.go
new file mode 100644
index 00000000..2efccf6e
--- /dev/null
+++ b/apis/ui/v1alpha1/pgadmin_types.go
@@ -0,0 +1,77 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindPgadmin = "Pgadmin"
+ ResourcePgadmin = "pgadmin"
+ ResourcePgadmins = "pgadmins"
+)
+
+// Pgadmin defines the schama for Pgadmin operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+type Pgadmin struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec PgadminSpec `json:"spec,omitempty"`
+}
+
+type PgadminSpec struct {
+ ReplicaCount int `json:"replicaCount"`
+ Image ImageRef `json:"image"`
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ NameOverride string `json:"nameOverride"`
+ FullnameOverride string `json:"fullnameOverride"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ SecurityContext *core.SecurityContext `json:"securityContext"`
+ Service ServiceSpec `json:"service"`
+ Resources core.ResourceRequirements `json:"resources"`
+ NodeSelector map[string]string `json:"nodeSelector"`
+ Tolerations []core.Toleration `json:"tolerations"`
+ Affinity *core.Affinity `json:"affinity"`
+ Namespace CreateFlag `json:"namespace"`
+ Gateway GatewaySpec `json:"gateway"`
+ Keda KedaSpec `json:"keda"`
+ TargetPendingRequests int `json:"targetPendingRequests"`
+ Autoscaling Autoscaling `json:"autoscaling"`
+ App AppRef `json:"app"`
+ Bind ObjectRef `json:"bind"`
+ Authzproxy AuthzproxySpec `json:"authzproxy"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PgadminList is a list of Pgadmins
+type PgadminList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of Pgadmin CRD objects
+ Items []Pgadmin `json:"items,omitempty"`
+}
diff --git a/apis/ui/v1alpha1/phpmyadmin.go b/apis/ui/v1alpha1/phpmyadmin.go
new file mode 100644
index 00000000..003fd574
--- /dev/null
+++ b/apis/ui/v1alpha1/phpmyadmin.go
@@ -0,0 +1,77 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindPhpmyadmin = "Phpmyadmin"
+ ResourcePhpmyadmin = "phpmyadmin"
+ ResourcePhpmyadmins = "phpmyadmins"
+)
+
+// Phpmyadmin defines the schama for Phpmyadmin operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+type Phpmyadmin struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec PhpmyadminSpec `json:"spec,omitempty"`
+}
+
+type PhpmyadminSpec struct {
+ ReplicaCount int `json:"replicaCount"`
+ Image ImageRef `json:"image"`
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ NameOverride string `json:"nameOverride"`
+ FullnameOverride string `json:"fullnameOverride"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ SecurityContext *core.SecurityContext `json:"securityContext"`
+ Service ServiceSpec `json:"service"`
+ Resources core.ResourceRequirements `json:"resources"`
+ NodeSelector map[string]string `json:"nodeSelector"`
+ Tolerations []core.Toleration `json:"tolerations"`
+ Affinity *core.Affinity `json:"affinity"`
+ Namespace CreateFlag `json:"namespace"`
+ Gateway GatewaySpec `json:"gateway"`
+ Keda KedaSpec `json:"keda"`
+ TargetPendingRequests int `json:"targetPendingRequests"`
+ Autoscaling Autoscaling `json:"autoscaling"`
+ App AppRef `json:"app"`
+ Bind ObjectRef `json:"bind"`
+ Authzproxy AuthzproxySpec `json:"authzproxy"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PhpmyadminList is a list of Phpmyadmins
+type PhpmyadminList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of Phpmyadmin CRD objects
+ Items []Phpmyadmin `json:"items,omitempty"`
+}
diff --git a/apis/ui/v1alpha1/register.go b/apis/ui/v1alpha1/register.go
index 674633dd..d3149ec3 100644
--- a/apis/ui/v1alpha1/register.go
+++ b/apis/ui/v1alpha1/register.go
@@ -53,7 +53,16 @@ func Resource(resource string) schema.GroupResource {
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion)
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &Dbgate{},
+ &DbgateList{},
+ &MongoUi{},
+ &MongoUiList{},
+ &Pgadmin{},
+ &PgadminList{},
+ &Phpmyadmin{},
+ &PhpmyadminList{},
+ )
scheme.AddKnownTypes(SchemeGroupVersion,
&metav1.Status{},
diff --git a/apis/ui/v1alpha1/types.go b/apis/ui/v1alpha1/types.go
index 4535fd59..78f02319 100644
--- a/apis/ui/v1alpha1/types.go
+++ b/apis/ui/v1alpha1/types.go
@@ -16,26 +16,14 @@ limitations under the License.
package v1alpha1
-import (
- core "k8s.io/api/core/v1"
-)
+import core "k8s.io/api/core/v1"
type ImageRef struct {
- Registry string `json:"registry"`
Repository string `json:"repository"`
+ PullPolicy string `json:"pullPolicy"`
Tag string `json:"tag"`
}
-type Container struct {
- ImageRef `json:",inline"`
- // Compute Resources required by the sidecar container.
- // +optional
- Resources core.ResourceRequirements `json:"resources"`
- // Security options the pod should run with.
- // +optional
- SecurityContext *core.SecurityContext `json:"securityContext"`
-}
-
type ServiceAccountSpec struct {
Create bool `json:"create"`
//+optional
@@ -44,58 +32,67 @@ type ServiceAccountSpec struct {
Annotations map[string]string `json:"annotations"`
}
-type WebHookSpec struct {
- UseKubeapiserverFqdnForAks bool `json:"useKubeapiserverFqdnForAks"`
- Healthcheck HealthcheckSpec `json:"healthcheck"`
+type ServiceSpec struct {
+ Type string `json:"type"`
+ Port int `json:"port"`
}
-type ServingCerts struct {
- Generate bool `json:"generate"`
- // +optional
- CaCrt string `json:"caCrt"`
- // +optional
- ServerCrt string `json:"serverCrt"`
- // +optional
- ServerKey string `json:"serverKey"`
+type CreateFlag struct {
+ Create bool `json:"create"`
}
-type HealthcheckSpec struct {
- // +optional
- Enabled bool `json:"enabled"`
- ProbePort int `json:"probePort"`
+type ObjectRef struct {
+ Name string `json:"name"`
+ Namespace string `json:"namespace"`
}
-// +kubebuilder:validation:Enum=prometheus.io;prometheus.io/operator;prometheus.io/builtin
-type MonitoringAgent string
+type LocalObjectRef struct {
+ Name string `json:"name"`
+}
-type Monitoring struct {
- Agent MonitoringAgent `json:"agent"`
- BindPort int `json:"bindPort"`
- ServiceMonitor *ServiceMonitorLabels `json:"serviceMonitor"`
+type GatewaySpec struct {
+ ClassName string `json:"className"`
+ Port int `json:"port"`
+ TlsSecretRef ObjectRef `json:"tlsSecretRef"`
+ ReferenceGrant CreateFlag `json:"referenceGrant"`
}
-type ServiceMonitorLabels struct {
- // +optional
- Labels map[string]string `json:"labels"`
+type KedaSpec struct {
+ ProxyService ProxyServiceSpec `json:"proxyService"`
}
-type EASSpec struct {
- GroupPriorityMinimum int32 `json:"groupPriorityMinimum"`
- VersionPriority int32 `json:"versionPriority"`
- UseKubeapiserverFqdnForAks bool `json:"useKubeapiserverFqdnForAks"`
- Healthcheck EASHealthcheckSpec `json:"healthcheck"`
- ServingCerts ServingCerts `json:"servingCerts"`
+type ProxyServiceSpec struct {
+ Namespace string `json:"namespace"`
+ Name string `json:"name"`
+ Port int `json:"port"`
}
-type EASHealthcheckSpec struct {
- // +optional
- Enabled bool `json:"enabled"`
+type Autoscaling struct {
+ Http ReplicaRange `json:"http"`
}
-type EASMonitoring struct {
- Agent MonitoringAgent `json:"agent"`
- ServiceMonitor ServiceMonitorLabels `json:"serviceMonitor"`
+type ReplicaRange struct {
+ MinReplicas int `json:"minReplicas"`
+ MaxReplicas int `json:"maxReplicas"`
}
-type PSPSpec struct {
- Enabled bool `json:"enabled"`
+
+type AppRef struct {
+ Service ObjectRef `json:"service"`
+ AuthSecret LocalObjectRef `json:"authSecret"`
+}
+
+type AuthzproxySpec struct {
+ Enabled bool `json:"enabled"`
+ Repository string `json:"repository"`
+ Tag string `json:"tag"`
+ SecurityContext *core.SecurityContext `json:"securityContext"`
+ Resources core.ResourceRequirements `json:"resources"`
+ Params AuthzproxyParams `json:"params"`
+}
+
+type AuthzproxyParams struct {
+ Listen int `json:"listen"`
+ MetricsAddr int `json:"metricsAddr"`
+ PlatformURL string `json:"platformURL"`
+ PlatformCABundle string `json:"platformCABundle"`
}
diff --git a/apis/ui/v1alpha1/types_test.go b/apis/ui/v1alpha1/types_test.go
index a0e9afae..4eb626cb 100644
--- a/apis/ui/v1alpha1/types_test.go
+++ b/apis/ui/v1alpha1/types_test.go
@@ -20,10 +20,17 @@ import (
"os"
"testing"
+ "kubedb.dev/ui/apis/ui/v1alpha1"
+
schemachecker "kmodules.xyz/schema-checker"
)
func TestDefaultValues(t *testing.T) {
- checker := schemachecker.New(os.DirFS("../../.."))
+ checker := schemachecker.New(os.DirFS("../../.."),
+ schemachecker.TestCase{Obj: v1alpha1.DbgateSpec{}},
+ schemachecker.TestCase{Obj: v1alpha1.MongoUiSpec{}},
+ schemachecker.TestCase{Obj: v1alpha1.PgadminSpec{}},
+ schemachecker.TestCase{Obj: v1alpha1.PhpmyadminSpec{}},
+ )
checker.TestAll(t)
}
diff --git a/apis/ui/v1alpha1/zz_generated.deepcopy.go b/apis/ui/v1alpha1/zz_generated.deepcopy.go
index b71ccac3..95921ee6 100644
--- a/apis/ui/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/ui/v1alpha1/zz_generated.deepcopy.go
@@ -23,94 +23,258 @@ package v1alpha1
import (
v1 "k8s.io/api/core/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Container) DeepCopyInto(out *Container) {
+func (in *AppRef) DeepCopyInto(out *AppRef) {
+ *out = *in
+ out.Service = in.Service
+ out.AuthSecret = in.AuthSecret
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRef.
+func (in *AppRef) DeepCopy() *AppRef {
+ if in == nil {
+ return nil
+ }
+ out := new(AppRef)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuthzproxyParams) DeepCopyInto(out *AuthzproxyParams) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthzproxyParams.
+func (in *AuthzproxyParams) DeepCopy() *AuthzproxyParams {
+ if in == nil {
+ return nil
+ }
+ out := new(AuthzproxyParams)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuthzproxySpec) DeepCopyInto(out *AuthzproxySpec) {
*out = *in
- out.ImageRef = in.ImageRef
- in.Resources.DeepCopyInto(&out.Resources)
if in.SecurityContext != nil {
in, out := &in.SecurityContext, &out.SecurityContext
*out = new(v1.SecurityContext)
(*in).DeepCopyInto(*out)
}
+ in.Resources.DeepCopyInto(&out.Resources)
+ out.Params = in.Params
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthzproxySpec.
+func (in *AuthzproxySpec) DeepCopy() *AuthzproxySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(AuthzproxySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Autoscaling) DeepCopyInto(out *Autoscaling) {
+ *out = *in
+ out.Http = in.Http
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Autoscaling.
+func (in *Autoscaling) DeepCopy() *Autoscaling {
+ if in == nil {
+ return nil
+ }
+ out := new(Autoscaling)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CreateFlag) DeepCopyInto(out *CreateFlag) {
+ *out = *in
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Container.
-func (in *Container) DeepCopy() *Container {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CreateFlag.
+func (in *CreateFlag) DeepCopy() *CreateFlag {
if in == nil {
return nil
}
- out := new(Container)
+ out := new(CreateFlag)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *EASHealthcheckSpec) DeepCopyInto(out *EASHealthcheckSpec) {
+func (in *DBRef) DeepCopyInto(out *DBRef) {
*out = *in
+ out.AppRef = in.AppRef
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EASHealthcheckSpec.
-func (in *EASHealthcheckSpec) DeepCopy() *EASHealthcheckSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBRef.
+func (in *DBRef) DeepCopy() *DBRef {
if in == nil {
return nil
}
- out := new(EASHealthcheckSpec)
+ out := new(DBRef)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *EASMonitoring) DeepCopyInto(out *EASMonitoring) {
+func (in *Dbgate) DeepCopyInto(out *Dbgate) {
*out = *in
- in.ServiceMonitor.DeepCopyInto(&out.ServiceMonitor)
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EASMonitoring.
-func (in *EASMonitoring) DeepCopy() *EASMonitoring {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Dbgate.
+func (in *Dbgate) DeepCopy() *Dbgate {
if in == nil {
return nil
}
- out := new(EASMonitoring)
+ out := new(Dbgate)
in.DeepCopyInto(out)
return out
}
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Dbgate) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *EASSpec) DeepCopyInto(out *EASSpec) {
+func (in *DbgateList) DeepCopyInto(out *DbgateList) {
*out = *in
- out.Healthcheck = in.Healthcheck
- out.ServingCerts = in.ServingCerts
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]Dbgate, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DbgateList.
+func (in *DbgateList) DeepCopy() *DbgateList {
+ if in == nil {
+ return nil
+ }
+ out := new(DbgateList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *DbgateList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DbgateSpec) DeepCopyInto(out *DbgateSpec) {
+ *out = *in
+ out.Image = in.Image
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.SecurityContext != nil {
+ in, out := &in.SecurityContext, &out.SecurityContext
+ *out = new(v1.SecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Service = in.Service
+ in.Resources.DeepCopyInto(&out.Resources)
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Namespace = in.Namespace
+ out.Gateway = in.Gateway
+ out.Keda = in.Keda
+ out.Autoscaling = in.Autoscaling
+ out.App = in.App
+ out.Bind = in.Bind
+ in.Authzproxy.DeepCopyInto(&out.Authzproxy)
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EASSpec.
-func (in *EASSpec) DeepCopy() *EASSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DbgateSpec.
+func (in *DbgateSpec) DeepCopy() *DbgateSpec {
if in == nil {
return nil
}
- out := new(EASSpec)
+ out := new(DbgateSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *HealthcheckSpec) DeepCopyInto(out *HealthcheckSpec) {
+func (in *GatewaySpec) DeepCopyInto(out *GatewaySpec) {
*out = *in
+ out.TlsSecretRef = in.TlsSecretRef
+ out.ReferenceGrant = in.ReferenceGrant
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthcheckSpec.
-func (in *HealthcheckSpec) DeepCopy() *HealthcheckSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySpec.
+func (in *GatewaySpec) DeepCopy() *GatewaySpec {
if in == nil {
return nil
}
- out := new(HealthcheckSpec)
+ out := new(GatewaySpec)
in.DeepCopyInto(out)
return out
}
@@ -132,122 +296,544 @@ func (in *ImageRef) DeepCopy() *ImageRef {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Monitoring) DeepCopyInto(out *Monitoring) {
+func (in *KedaSpec) DeepCopyInto(out *KedaSpec) {
+ *out = *in
+ out.ProxyService = in.ProxyService
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KedaSpec.
+func (in *KedaSpec) DeepCopy() *KedaSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(KedaSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LocalObjectRef) DeepCopyInto(out *LocalObjectRef) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectRef.
+func (in *LocalObjectRef) DeepCopy() *LocalObjectRef {
+ if in == nil {
+ return nil
+ }
+ out := new(LocalObjectRef)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MongoRef) DeepCopyInto(out *MongoRef) {
+ *out = *in
+ out.AppRef = in.AppRef
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoRef.
+func (in *MongoRef) DeepCopy() *MongoRef {
+ if in == nil {
+ return nil
+ }
+ out := new(MongoRef)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MongoUi) DeepCopyInto(out *MongoUi) {
*out = *in
- if in.ServiceMonitor != nil {
- in, out := &in.ServiceMonitor, &out.ServiceMonitor
- *out = new(ServiceMonitorLabels)
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoUi.
+func (in *MongoUi) DeepCopy() *MongoUi {
+ if in == nil {
+ return nil
+ }
+ out := new(MongoUi)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *MongoUi) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MongoUiList) DeepCopyInto(out *MongoUiList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]MongoUi, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoUiList.
+func (in *MongoUiList) DeepCopy() *MongoUiList {
+ if in == nil {
+ return nil
+ }
+ out := new(MongoUiList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *MongoUiList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MongoUiSpec) DeepCopyInto(out *MongoUiSpec) {
+ *out = *in
+ out.Image = in.Image
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.SecurityContext != nil {
+ in, out := &in.SecurityContext, &out.SecurityContext
+ *out = new(v1.SecurityContext)
(*in).DeepCopyInto(*out)
}
+ out.Service = in.Service
+ in.Resources.DeepCopyInto(&out.Resources)
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Namespace = in.Namespace
+ out.Gateway = in.Gateway
+ out.Keda = in.Keda
+ out.Autoscaling = in.Autoscaling
+ out.App = in.App
+ out.TLS = in.TLS
+ out.Bind = in.Bind
+ in.Authzproxy.DeepCopyInto(&out.Authzproxy)
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Monitoring.
-func (in *Monitoring) DeepCopy() *Monitoring {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoUiSpec.
+func (in *MongoUiSpec) DeepCopy() *MongoUiSpec {
if in == nil {
return nil
}
- out := new(Monitoring)
+ out := new(MongoUiSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *PSPSpec) DeepCopyInto(out *PSPSpec) {
+func (in *MongoUiTLS) DeepCopyInto(out *MongoUiTLS) {
*out = *in
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PSPSpec.
-func (in *PSPSpec) DeepCopy() *PSPSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoUiTLS.
+func (in *MongoUiTLS) DeepCopy() *MongoUiTLS {
if in == nil {
return nil
}
- out := new(PSPSpec)
+ out := new(MongoUiTLS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ServiceAccountSpec) DeepCopyInto(out *ServiceAccountSpec) {
+func (in *ObjectRef) DeepCopyInto(out *ObjectRef) {
*out = *in
- if in.Name != nil {
- in, out := &in.Name, &out.Name
- *out = new(string)
- **out = **in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectRef.
+func (in *ObjectRef) DeepCopy() *ObjectRef {
+ if in == nil {
+ return nil
}
- if in.Annotations != nil {
- in, out := &in.Annotations, &out.Annotations
+ out := new(ObjectRef)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Pgadmin) DeepCopyInto(out *Pgadmin) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Pgadmin.
+func (in *Pgadmin) DeepCopy() *Pgadmin {
+ if in == nil {
+ return nil
+ }
+ out := new(Pgadmin)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Pgadmin) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PgadminList) DeepCopyInto(out *PgadminList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]Pgadmin, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PgadminList.
+func (in *PgadminList) DeepCopy() *PgadminList {
+ if in == nil {
+ return nil
+ }
+ out := new(PgadminList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PgadminList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PgadminSpec) DeepCopyInto(out *PgadminSpec) {
+ *out = *in
+ out.Image = in.Image
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.SecurityContext != nil {
+ in, out := &in.SecurityContext, &out.SecurityContext
+ *out = new(v1.SecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Service = in.Service
+ in.Resources.DeepCopyInto(&out.Resources)
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Namespace = in.Namespace
+ out.Gateway = in.Gateway
+ out.Keda = in.Keda
+ out.Autoscaling = in.Autoscaling
+ out.App = in.App
+ out.Bind = in.Bind
+ in.Authzproxy.DeepCopyInto(&out.Authzproxy)
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountSpec.
-func (in *ServiceAccountSpec) DeepCopy() *ServiceAccountSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PgadminSpec.
+func (in *PgadminSpec) DeepCopy() *PgadminSpec {
if in == nil {
return nil
}
- out := new(ServiceAccountSpec)
+ out := new(PgadminSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ServiceMonitorLabels) DeepCopyInto(out *ServiceMonitorLabels) {
+func (in *Phpmyadmin) DeepCopyInto(out *Phpmyadmin) {
*out = *in
- if in.Labels != nil {
- in, out := &in.Labels, &out.Labels
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Phpmyadmin.
+func (in *Phpmyadmin) DeepCopy() *Phpmyadmin {
+ if in == nil {
+ return nil
+ }
+ out := new(Phpmyadmin)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Phpmyadmin) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PhpmyadminList) DeepCopyInto(out *PhpmyadminList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]Phpmyadmin, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhpmyadminList.
+func (in *PhpmyadminList) DeepCopy() *PhpmyadminList {
+ if in == nil {
+ return nil
+ }
+ out := new(PhpmyadminList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PhpmyadminList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PhpmyadminSpec) DeepCopyInto(out *PhpmyadminSpec) {
+ *out = *in
+ out.Image = in.Image
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.SecurityContext != nil {
+ in, out := &in.SecurityContext, &out.SecurityContext
+ *out = new(v1.SecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Service = in.Service
+ in.Resources.DeepCopyInto(&out.Resources)
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ out.Namespace = in.Namespace
+ out.Gateway = in.Gateway
+ out.Keda = in.Keda
+ out.Autoscaling = in.Autoscaling
+ out.App = in.App
+ out.Bind = in.Bind
+ in.Authzproxy.DeepCopyInto(&out.Authzproxy)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhpmyadminSpec.
+func (in *PhpmyadminSpec) DeepCopy() *PhpmyadminSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(PhpmyadminSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProxyServiceSpec) DeepCopyInto(out *ProxyServiceSpec) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyServiceSpec.
+func (in *ProxyServiceSpec) DeepCopy() *ProxyServiceSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ProxyServiceSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReplicaRange) DeepCopyInto(out *ReplicaRange) {
+ *out = *in
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceMonitorLabels.
-func (in *ServiceMonitorLabels) DeepCopy() *ServiceMonitorLabels {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaRange.
+func (in *ReplicaRange) DeepCopy() *ReplicaRange {
if in == nil {
return nil
}
- out := new(ServiceMonitorLabels)
+ out := new(ReplicaRange)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ServingCerts) DeepCopyInto(out *ServingCerts) {
+func (in *ServiceAccountSpec) DeepCopyInto(out *ServiceAccountSpec) {
*out = *in
+ if in.Name != nil {
+ in, out := &in.Name, &out.Name
+ *out = new(string)
+ **out = **in
+ }
+ if in.Annotations != nil {
+ in, out := &in.Annotations, &out.Annotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServingCerts.
-func (in *ServingCerts) DeepCopy() *ServingCerts {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountSpec.
+func (in *ServiceAccountSpec) DeepCopy() *ServiceAccountSpec {
if in == nil {
return nil
}
- out := new(ServingCerts)
+ out := new(ServiceAccountSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WebHookSpec) DeepCopyInto(out *WebHookSpec) {
+func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) {
*out = *in
- out.Healthcheck = in.Healthcheck
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebHookSpec.
-func (in *WebHookSpec) DeepCopy() *WebHookSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceSpec.
+func (in *ServiceSpec) DeepCopy() *ServiceSpec {
if in == nil {
return nil
}
- out := new(WebHookSpec)
+ out := new(ServiceSpec)
in.DeepCopyInto(out)
return out
}
diff --git a/charts/dbgate/README.md b/charts/dbgate/README.md
index 7201079d..e8a41286 100644
--- a/charts/dbgate/README.md
+++ b/charts/dbgate/README.md
@@ -59,6 +59,7 @@ The following table lists the configurable parameters of the `dbgate` chart and
| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" |
| podAnnotations | | {} |
| podSecurityContext | | {} |
+| securityContext | | {} |
| service.type | | ClusterIP |
| service.port | | 80 |
| resources | | {} |
diff --git a/charts/dbgate/values.openapiv3_schema.yaml b/charts/dbgate/values.openapiv3_schema.yaml
new file mode 100644
index 00000000..f8f122fe
--- /dev/null
+++ b/charts/dbgate/values.openapiv3_schema.yaml
@@ -0,0 +1,1772 @@
+properties:
+ affinity:
+ description: Affinity is a group of affinity scheduling rules.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches all objects
+ with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling
+ term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding
+ weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are
+ ORed.
+ items:
+ description: A null or empty node selector term matches no objects.
+ The requirements of them are ANDed. The TopologySelectorTerm type
+ implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this
+ pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to
+ each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the anti-affinity expressions specified by this field, but it
+ may choose a node that violates one or more of the expressions. The
+ node that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field
+ are not met at scheduling time, the pod will not be scheduled onto the
+ node. If the anti-affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g. due to a pod label
+ update), the system may or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ app:
+ properties:
+ authSecret:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ kind:
+ type: string
+ service:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - authSecret
+ - kind
+ - service
+ type: object
+ authzproxy:
+ properties:
+ enabled:
+ type: boolean
+ params:
+ properties:
+ listen:
+ type: integer
+ metricsAddr:
+ type: integer
+ platformCABundle:
+ type: string
+ platformURL:
+ type: string
+ required:
+ - listen
+ - metricsAddr
+ - platformCABundle
+ - platformURL
+ type: object
+ repository:
+ type: string
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field\
+ \ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources
+ required. If Requests is omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can
+ gain more privileges than its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that
+ this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node
+ that should be used. The profile must be preconfigured on the node
+ to work. Must match the loaded name of the profile. Must be set
+ if and only if type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be
+ applied. Valid options are: Localhost - a profile pre-loaded on
+ the node. RuntimeDefault - the container runtime''s default profile.
+ Unconfined - no AppArmor enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that
+ it does not run as UID 0 (root) and fail to start the container if it
+ does. If unset or false, no such validation will be performed. May also
+ be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp
+ options are provided at both the pod & container level, the container
+ options override the pod options. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file
+ on the node should be used. The profile must be preconfigured on
+ the node to work. Must be a descending path, relative to the kubelet's
+ configured seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be\
+ \ applied. Valid options are: \n Localhost - a profile defined in\
+ \ a file on the node should be used. RuntimeDefault - the container\
+ \ runtime default profile should be used. Unconfined - no profile\
+ \ should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents
+ of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as
+ a 'Host Process' container. All of a Pod's containers must have
+ the same effective HostProcess value (it is not allowed to have
+ a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be
+ set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the
+ container process. Defaults to the user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - enabled
+ - params
+ - repository
+ - resources
+ - securityContext
+ - tag
+ type: object
+ autoscaling:
+ properties:
+ http:
+ properties:
+ maxReplicas:
+ type: integer
+ minReplicas:
+ type: integer
+ required:
+ - maxReplicas
+ - minReplicas
+ type: object
+ required:
+ - http
+ type: object
+ bind:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ fullnameOverride:
+ type: string
+ gateway:
+ properties:
+ className:
+ type: string
+ port:
+ type: integer
+ referenceGrant:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ tlsSecretRef:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - className
+ - port
+ - referenceGrant
+ - tlsSecretRef
+ type: object
+ image:
+ properties:
+ pullPolicy:
+ type: string
+ repository:
+ type: string
+ tag:
+ type: string
+ required:
+ - pullPolicy
+ - repository
+ - tag
+ type: object
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ keda:
+ properties:
+ proxyService:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ port:
+ type: integer
+ required:
+ - name
+ - namespace
+ - port
+ type: object
+ required:
+ - proxyService
+ type: object
+ nameOverride:
+ type: string
+ namespace:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes and common
+ container settings. Some fields are also present in container.securityContext. Field
+ values of container.securityContext take precedence over field values of PodSecurityContext.
+ properties:
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: "A special supplemental group that applies to all containers\
+ \ in a pod. Some volume types allow the Kubelet to change the ownership\
+ \ of that volume to be owned by the pod: \n 1. The owning GID will be the\
+ \ FSGroup 2. The setgid bit is set (new files created in the volume will\
+ \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\
+ \ If unset, the Kubelet will not modify the ownership and permissions of\
+ \ any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and
+ permission of the volume before being exposed inside Pod. This field will
+ only apply to volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified,
+ "Always" is used. Note that this field cannot be set when spec.os.name is
+ windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container,
+ in addition to the container's primary GID, the fsGroup (if specified),
+ and group memberships defined in the container image for the uid of the
+ container process. If unspecified, no additional groups are added to any
+ container. Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if they are not
+ included in this list. Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods
+ with unsupported sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options within a container's SecurityContext will be used. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ replicaCount:
+ type: integer
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field is\
+ \ immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can gain
+ more privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged containers
+ are essentially equivalent to root on the host. Defaults to false. Note
+ that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp options
+ are provided at both the pod & container level, the container options override
+ the pod options. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options from the PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ service:
+ properties:
+ port:
+ type: integer
+ type:
+ type: string
+ required:
+ - port
+ - type
+ type: object
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ targetPendingRequests:
+ type: integer
+ tolerations:
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that
+ matches the triple using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match
+ all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty
+ means match all taint keys. If the key is empty, operator must be Exists;
+ this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid
+ operators are Exists and Equal. Defaults to Equal. Exists is equivalent
+ to wildcard for value, so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration
+ (which must be of effect NoExecute, otherwise this field is ignored) tolerates
+ the taint. By default, it is not set, which means tolerate the taint forever
+ (do not evict). Zero and negative values will be treated as 0 (evict immediately)
+ by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches to. If the
+ operator is Exists, the value should be empty, otherwise just a regular
+ string.
+ type: string
+ type: object
+ type: array
+required:
+- affinity
+- app
+- authzproxy
+- autoscaling
+- bind
+- fullnameOverride
+- gateway
+- image
+- imagePullSecrets
+- keda
+- nameOverride
+- namespace
+- nodeSelector
+- podAnnotations
+- podSecurityContext
+- replicaCount
+- resources
+- securityContext
+- service
+- serviceAccount
+- targetPendingRequests
+- tolerations
+type: object
diff --git a/charts/dbgate/values.yaml b/charts/dbgate/values.yaml
index d8f46690..04af02e9 100644
--- a/charts/dbgate/values.yaml
+++ b/charts/dbgate/values.yaml
@@ -28,7 +28,7 @@ podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
-# securityContext: # +doc-gen:break
+securityContext: {}
# allowPrivilegeEscalation: false
# capabilities:
# drop: ["ALL"]
diff --git a/charts/mongo-ui/values.openapiv3_schema.yaml b/charts/mongo-ui/values.openapiv3_schema.yaml
new file mode 100644
index 00000000..5275a060
--- /dev/null
+++ b/charts/mongo-ui/values.openapiv3_schema.yaml
@@ -0,0 +1,1783 @@
+properties:
+ affinity:
+ description: Affinity is a group of affinity scheduling rules.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches all objects
+ with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling
+ term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding
+ weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are
+ ORed.
+ items:
+ description: A null or empty node selector term matches no objects.
+ The requirements of them are ANDed. The TopologySelectorTerm type
+ implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this
+ pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to
+ each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the anti-affinity expressions specified by this field, but it
+ may choose a node that violates one or more of the expressions. The
+ node that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field
+ are not met at scheduling time, the pod will not be scheduled onto the
+ node. If the anti-affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g. due to a pod label
+ update), the system may or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ app:
+ properties:
+ authSecret:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ service:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ url:
+ type: string
+ required:
+ - authSecret
+ - service
+ - url
+ type: object
+ authzproxy:
+ properties:
+ enabled:
+ type: boolean
+ params:
+ properties:
+ listen:
+ type: integer
+ metricsAddr:
+ type: integer
+ platformCABundle:
+ type: string
+ platformURL:
+ type: string
+ required:
+ - listen
+ - metricsAddr
+ - platformCABundle
+ - platformURL
+ type: object
+ repository:
+ type: string
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field\
+ \ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources
+ required. If Requests is omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can
+ gain more privileges than its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that
+ this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node
+ that should be used. The profile must be preconfigured on the node
+ to work. Must match the loaded name of the profile. Must be set
+ if and only if type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be
+ applied. Valid options are: Localhost - a profile pre-loaded on
+ the node. RuntimeDefault - the container runtime''s default profile.
+ Unconfined - no AppArmor enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that
+ it does not run as UID 0 (root) and fail to start the container if it
+ does. If unset or false, no such validation will be performed. May also
+ be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp
+ options are provided at both the pod & container level, the container
+ options override the pod options. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file
+ on the node should be used. The profile must be preconfigured on
+ the node to work. Must be a descending path, relative to the kubelet's
+ configured seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be\
+ \ applied. Valid options are: \n Localhost - a profile defined in\
+ \ a file on the node should be used. RuntimeDefault - the container\
+ \ runtime default profile should be used. Unconfined - no profile\
+ \ should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents
+ of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as
+ a 'Host Process' container. All of a Pod's containers must have
+ the same effective HostProcess value (it is not allowed to have
+ a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be
+ set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the
+ container process. Defaults to the user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - enabled
+ - params
+ - repository
+ - resources
+ - securityContext
+ - tag
+ type: object
+ autoscaling:
+ properties:
+ http:
+ properties:
+ maxReplicas:
+ type: integer
+ minReplicas:
+ type: integer
+ required:
+ - maxReplicas
+ - minReplicas
+ type: object
+ required:
+ - http
+ type: object
+ bind:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ fullnameOverride:
+ type: string
+ gateway:
+ properties:
+ className:
+ type: string
+ port:
+ type: integer
+ referenceGrant:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ tlsSecretRef:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - className
+ - port
+ - referenceGrant
+ - tlsSecretRef
+ type: object
+ image:
+ properties:
+ pullPolicy:
+ type: string
+ repository:
+ type: string
+ tag:
+ type: string
+ required:
+ - pullPolicy
+ - repository
+ - tag
+ type: object
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ keda:
+ properties:
+ proxyService:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ port:
+ type: integer
+ required:
+ - name
+ - namespace
+ - port
+ type: object
+ required:
+ - proxyService
+ type: object
+ nameOverride:
+ type: string
+ namespace:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes and common
+ container settings. Some fields are also present in container.securityContext. Field
+ values of container.securityContext take precedence over field values of PodSecurityContext.
+ properties:
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: "A special supplemental group that applies to all containers\
+ \ in a pod. Some volume types allow the Kubelet to change the ownership\
+ \ of that volume to be owned by the pod: \n 1. The owning GID will be the\
+ \ FSGroup 2. The setgid bit is set (new files created in the volume will\
+ \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\
+ \ If unset, the Kubelet will not modify the ownership and permissions of\
+ \ any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and
+ permission of the volume before being exposed inside Pod. This field will
+ only apply to volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified,
+ "Always" is used. Note that this field cannot be set when spec.os.name is
+ windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container,
+ in addition to the container's primary GID, the fsGroup (if specified),
+ and group memberships defined in the container image for the uid of the
+ container process. If unspecified, no additional groups are added to any
+ container. Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if they are not
+ included in this list. Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods
+ with unsupported sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options within a container's SecurityContext will be used. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ replicaCount:
+ type: integer
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field is\
+ \ immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can gain
+ more privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged containers
+ are essentially equivalent to root on the host. Defaults to false. Note
+ that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp options
+ are provided at both the pod & container level, the container options override
+ the pod options. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options from the PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ service:
+ properties:
+ port:
+ type: integer
+ type:
+ type: string
+ required:
+ - port
+ - type
+ type: object
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ targetPendingRequests:
+ type: integer
+ tls:
+ properties:
+ enabled:
+ type: boolean
+ secretName:
+ type: string
+ required:
+ - enabled
+ - secretName
+ type: object
+ tolerations:
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that
+ matches the triple using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match
+ all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty
+ means match all taint keys. If the key is empty, operator must be Exists;
+ this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid
+ operators are Exists and Equal. Defaults to Equal. Exists is equivalent
+ to wildcard for value, so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration
+ (which must be of effect NoExecute, otherwise this field is ignored) tolerates
+ the taint. By default, it is not set, which means tolerate the taint forever
+ (do not evict). Zero and negative values will be treated as 0 (evict immediately)
+ by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches to. If the
+ operator is Exists, the value should be empty, otherwise just a regular
+ string.
+ type: string
+ type: object
+ type: array
+required:
+- affinity
+- app
+- authzproxy
+- autoscaling
+- bind
+- fullnameOverride
+- gateway
+- image
+- imagePullSecrets
+- keda
+- nameOverride
+- namespace
+- nodeSelector
+- podAnnotations
+- podSecurityContext
+- replicaCount
+- resources
+- securityContext
+- service
+- serviceAccount
+- targetPendingRequests
+- tls
+- tolerations
+type: object
diff --git a/charts/pgadmin/values.openapiv3_schema.yaml b/charts/pgadmin/values.openapiv3_schema.yaml
new file mode 100644
index 00000000..26f8f9d2
--- /dev/null
+++ b/charts/pgadmin/values.openapiv3_schema.yaml
@@ -0,0 +1,1769 @@
+properties:
+ affinity:
+ description: Affinity is a group of affinity scheduling rules.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches all objects
+ with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling
+ term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding
+ weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are
+ ORed.
+ items:
+ description: A null or empty node selector term matches no objects.
+ The requirements of them are ANDed. The TopologySelectorTerm type
+ implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this
+ pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to
+ each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the anti-affinity expressions specified by this field, but it
+ may choose a node that violates one or more of the expressions. The
+ node that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field
+ are not met at scheduling time, the pod will not be scheduled onto the
+ node. If the anti-affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g. due to a pod label
+ update), the system may or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ app:
+ properties:
+ authSecret:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ service:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - authSecret
+ - service
+ type: object
+ authzproxy:
+ properties:
+ enabled:
+ type: boolean
+ params:
+ properties:
+ listen:
+ type: integer
+ metricsAddr:
+ type: integer
+ platformCABundle:
+ type: string
+ platformURL:
+ type: string
+ required:
+ - listen
+ - metricsAddr
+ - platformCABundle
+ - platformURL
+ type: object
+ repository:
+ type: string
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field\
+ \ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources
+ required. If Requests is omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can
+ gain more privileges than its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that
+ this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node
+ that should be used. The profile must be preconfigured on the node
+ to work. Must match the loaded name of the profile. Must be set
+ if and only if type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be
+ applied. Valid options are: Localhost - a profile pre-loaded on
+ the node. RuntimeDefault - the container runtime''s default profile.
+ Unconfined - no AppArmor enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that
+ it does not run as UID 0 (root) and fail to start the container if it
+ does. If unset or false, no such validation will be performed. May also
+ be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp
+ options are provided at both the pod & container level, the container
+ options override the pod options. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file
+ on the node should be used. The profile must be preconfigured on
+ the node to work. Must be a descending path, relative to the kubelet's
+ configured seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be\
+ \ applied. Valid options are: \n Localhost - a profile defined in\
+ \ a file on the node should be used. RuntimeDefault - the container\
+ \ runtime default profile should be used. Unconfined - no profile\
+ \ should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents
+ of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as
+ a 'Host Process' container. All of a Pod's containers must have
+ the same effective HostProcess value (it is not allowed to have
+ a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be
+ set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the
+ container process. Defaults to the user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - enabled
+ - params
+ - repository
+ - resources
+ - securityContext
+ - tag
+ type: object
+ autoscaling:
+ properties:
+ http:
+ properties:
+ maxReplicas:
+ type: integer
+ minReplicas:
+ type: integer
+ required:
+ - maxReplicas
+ - minReplicas
+ type: object
+ required:
+ - http
+ type: object
+ bind:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ fullnameOverride:
+ type: string
+ gateway:
+ properties:
+ className:
+ type: string
+ port:
+ type: integer
+ referenceGrant:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ tlsSecretRef:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - className
+ - port
+ - referenceGrant
+ - tlsSecretRef
+ type: object
+ image:
+ properties:
+ pullPolicy:
+ type: string
+ repository:
+ type: string
+ tag:
+ type: string
+ required:
+ - pullPolicy
+ - repository
+ - tag
+ type: object
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ keda:
+ properties:
+ proxyService:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ port:
+ type: integer
+ required:
+ - name
+ - namespace
+ - port
+ type: object
+ required:
+ - proxyService
+ type: object
+ nameOverride:
+ type: string
+ namespace:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes and common
+ container settings. Some fields are also present in container.securityContext. Field
+ values of container.securityContext take precedence over field values of PodSecurityContext.
+ properties:
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: "A special supplemental group that applies to all containers\
+ \ in a pod. Some volume types allow the Kubelet to change the ownership\
+ \ of that volume to be owned by the pod: \n 1. The owning GID will be the\
+ \ FSGroup 2. The setgid bit is set (new files created in the volume will\
+ \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\
+ \ If unset, the Kubelet will not modify the ownership and permissions of\
+ \ any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and
+ permission of the volume before being exposed inside Pod. This field will
+ only apply to volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified,
+ "Always" is used. Note that this field cannot be set when spec.os.name is
+ windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container,
+ in addition to the container's primary GID, the fsGroup (if specified),
+ and group memberships defined in the container image for the uid of the
+ container process. If unspecified, no additional groups are added to any
+ container. Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if they are not
+ included in this list. Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods
+ with unsupported sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options within a container's SecurityContext will be used. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ replicaCount:
+ type: integer
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field is\
+ \ immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can gain
+ more privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged containers
+ are essentially equivalent to root on the host. Defaults to false. Note
+ that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp options
+ are provided at both the pod & container level, the container options override
+ the pod options. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options from the PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ service:
+ properties:
+ port:
+ type: integer
+ type:
+ type: string
+ required:
+ - port
+ - type
+ type: object
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ targetPendingRequests:
+ type: integer
+ tolerations:
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that
+ matches the triple using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match
+ all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty
+ means match all taint keys. If the key is empty, operator must be Exists;
+ this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid
+ operators are Exists and Equal. Defaults to Equal. Exists is equivalent
+ to wildcard for value, so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration
+ (which must be of effect NoExecute, otherwise this field is ignored) tolerates
+ the taint. By default, it is not set, which means tolerate the taint forever
+ (do not evict). Zero and negative values will be treated as 0 (evict immediately)
+ by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches to. If the
+ operator is Exists, the value should be empty, otherwise just a regular
+ string.
+ type: string
+ type: object
+ type: array
+required:
+- affinity
+- app
+- authzproxy
+- autoscaling
+- bind
+- fullnameOverride
+- gateway
+- image
+- imagePullSecrets
+- keda
+- nameOverride
+- namespace
+- nodeSelector
+- podAnnotations
+- podSecurityContext
+- replicaCount
+- resources
+- securityContext
+- service
+- serviceAccount
+- targetPendingRequests
+- tolerations
+type: object
diff --git a/charts/phpmyadmin/values.openapiv3_schema.yaml b/charts/phpmyadmin/values.openapiv3_schema.yaml
new file mode 100644
index 00000000..26f8f9d2
--- /dev/null
+++ b/charts/phpmyadmin/values.openapiv3_schema.yaml
@@ -0,0 +1,1769 @@
+properties:
+ affinity:
+ description: Affinity is a group of affinity scheduling rules.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches all objects
+ with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling
+ term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding
+ weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are
+ ORed.
+ items:
+ description: A null or empty node selector term matches no objects.
+ The requirements of them are ANDed. The TopologySelectorTerm type
+ implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's
+ labels.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's
+ fields.
+ items:
+ description: A node selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set
+ of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator
+ is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. If the operator is Gt or Lt, the
+ values array must have a single element, which will
+ be interpreted as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this
+ pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the affinity expressions specified by this field, but it may
+ choose a node that violates one or more of the expressions. The node
+ that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.), compute
+ a sum by iterating through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are
+ not met at scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to
+ each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that
+ satisfy the anti-affinity expressions specified by this field, but it
+ may choose a node that violates one or more of the expressions. The
+ node that is most preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the
+ corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this
+ case pods. If it's null, this PodAffinityTerm matches with
+ no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are
+ used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key in
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to
+ select which pods will be taken into consideration. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are merged with `labelSelector` as `key notin
+ (value)` to select the group of existing pods which pods will
+ be taken into consideration for the incoming pod's pod (anti)
+ affinity. Keys that don't exist in the incoming pod labels
+ will be ignored. The default value is empty. The same key
+ is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't
+ set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity
+ feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the
+ term applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces list means
+ "this pod's namespace". An empty selector ({}) matches all
+ namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied to the
+ union of the namespaces listed in this field and the ones
+ selected by namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not
+ co-located (anti-affinity) with the pods matching the labelSelector
+ in the specified namespaces, where co-located is defined as
+ running on a node whose value of the label with key topologyKey
+ matches that of any node on which any of the selected pods
+ is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field
+ are not met at scheduling time, the pod will not be scheduled onto the
+ node. If the anti-affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g. due to a pod label
+ update), the system may or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case
+ pods. If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key in (value)` to
+ select the group of existing pods which pods will be taken into
+ consideration for the incoming pod's pod (anti) affinity. Keys
+ that don't exist in the incoming pod labels will be ignored. The
+ default value is empty. The same key is forbidden to exist in
+ both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot
+ be set when labelSelector isn't set. This is an alpha field and
+ requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: MismatchLabelKeys is a set of pod label keys to select
+ which pods will be taken into consideration. The keys are used
+ to lookup values from the incoming pod labels, those key-value
+ labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken
+ into consideration for the incoming pod's pod (anti) affinity.
+ Keys that don't exist in the incoming pod labels will be ignored.
+ The default value is empty. The same key is forbidden to exist
+ in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys
+ cannot be set when labelSelector isn't set. This is an alpha field
+ and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term
+ applies to. The term is applied to the union of the namespaces
+ selected by this field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace names
+ that the term applies to. The term is applied to the union of
+ the namespaces listed in this field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located
+ (anti-affinity) with the pods matching the labelSelector in the
+ specified namespaces, where co-located is defined as running on
+ a node whose value of the label with key topologyKey matches that
+ of any node on which any of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ app:
+ properties:
+ authSecret:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ service:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - authSecret
+ - service
+ type: object
+ authzproxy:
+ properties:
+ enabled:
+ type: boolean
+ params:
+ properties:
+ listen:
+ type: integer
+ metricsAddr:
+ type: integer
+ platformCABundle:
+ type: string
+ platformURL:
+ type: string
+ required:
+ - listen
+ - metricsAddr
+ - platformCABundle
+ - platformURL
+ type: object
+ repository:
+ type: string
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field\
+ \ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources
+ required. If Requests is omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can
+ gain more privileges than its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that
+ this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node
+ that should be used. The profile must be preconfigured on the node
+ to work. Must match the loaded name of the profile. Must be set
+ if and only if type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be
+ applied. Valid options are: Localhost - a profile pre-loaded on
+ the node. RuntimeDefault - the container runtime''s default profile.
+ Unconfined - no AppArmor enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that
+ it does not run as UID 0 (root) and fail to start the container if it
+ does. If unset or false, no such validation will be performed. May also
+ be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp
+ options are provided at both the pod & container level, the container
+ options override the pod options. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file
+ on the node should be used. The profile must be preconfigured on
+ the node to work. Must be a descending path, relative to the kubelet's
+ configured seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be\
+ \ applied. Valid options are: \n Localhost - a profile defined in\
+ \ a file on the node should be used. RuntimeDefault - the container\
+ \ runtime default profile should be used. Unconfined - no profile\
+ \ should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents
+ of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as
+ a 'Host Process' container. All of a Pod's containers must have
+ the same effective HostProcess value (it is not allowed to have
+ a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be
+ set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the
+ container process. Defaults to the user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - enabled
+ - params
+ - repository
+ - resources
+ - securityContext
+ - tag
+ type: object
+ autoscaling:
+ properties:
+ http:
+ properties:
+ maxReplicas:
+ type: integer
+ minReplicas:
+ type: integer
+ required:
+ - maxReplicas
+ - minReplicas
+ type: object
+ required:
+ - http
+ type: object
+ bind:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ fullnameOverride:
+ type: string
+ gateway:
+ properties:
+ className:
+ type: string
+ port:
+ type: integer
+ referenceGrant:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ tlsSecretRef:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - className
+ - port
+ - referenceGrant
+ - tlsSecretRef
+ type: object
+ image:
+ properties:
+ pullPolicy:
+ type: string
+ repository:
+ type: string
+ tag:
+ type: string
+ required:
+ - pullPolicy
+ - repository
+ - tag
+ type: object
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ keda:
+ properties:
+ proxyService:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ port:
+ type: integer
+ required:
+ - name
+ - namespace
+ - port
+ type: object
+ required:
+ - proxyService
+ type: object
+ nameOverride:
+ type: string
+ namespace:
+ properties:
+ create:
+ type: boolean
+ required:
+ - create
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes and common
+ container settings. Some fields are also present in container.securityContext. Field
+ values of container.securityContext take precedence over field values of PodSecurityContext.
+ properties:
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: "A special supplemental group that applies to all containers\
+ \ in a pod. Some volume types allow the Kubelet to change the ownership\
+ \ of that volume to be owned by the pod: \n 1. The owning GID will be the\
+ \ FSGroup 2. The setgid bit is set (new files created in the volume will\
+ \ be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n\
+ \ If unset, the Kubelet will not modify the ownership and permissions of\
+ \ any volume. Note that this field cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing ownership and
+ permission of the volume before being exposed inside Pod. This field will
+ only apply to volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified,
+ "Always" is used. Note that this field cannot be set when spec.os.name is
+ windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this pod. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run in each container,
+ in addition to the container's primary GID, the fsGroup (if specified),
+ and group memberships defined in the container image for the uid of the
+ container process. If unspecified, no additional groups are added to any
+ container. Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if they are not
+ included in this list. Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for the pod. Pods
+ with unsupported sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options within a container's SecurityContext will be used. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ replicaCount:
+ type: integer
+ resources:
+ description: ResourceRequirements describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in spec.resourceClaims,\
+ \ that are used by this container. \n This is an alpha field and requires\
+ \ enabling the DynamicResourceAllocation feature gate. \n This field is\
+ \ immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will be applied
+ to a container. Some fields are present in both SecurityContext and PodSecurityContext. When
+ both are set, the values in SecurityContext take precedence.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process can gain
+ more privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ appArmorProfile:
+ description: appArmorProfile is the AppArmor options to use by this container.
+ If set, this profile overrides the pod's appArmorProfile. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile loaded on the node that
+ should be used. The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile. Must be set if and only if
+ type is "Localhost".
+ type: string
+ type:
+ description: 'type indicates which kind of AppArmor profile will be applied.
+ Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault
+ - the container runtime''s default profile. Unconfined - no AppArmor
+ enforcement.'
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: The capabilities to add/drop when running containers. Defaults
+ to the default set of capabilities granted by the container runtime. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged containers
+ are essentially equivalent to root on the host. Defaults to false. Note
+ that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults
+ for readonly paths and masked paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem. Default
+ is false. Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process. Uses
+ runtime default if unset. May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root user. If
+ true, the Kubelet will validate the image at runtime to ensure that it does
+ not run as UID 0 (root) and fail to start the container if it does. If unset
+ or false, no such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process. Defaults
+ to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container. If unspecified,
+ the container runtime will allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If seccomp options
+ are provided at both the pod & container level, the container options override
+ the pod options. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined in a file on
+ the node should be used. The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile will be applied.\
+ \ Valid options are: \n Localhost - a profile defined in a file on the\
+ \ node should be used. RuntimeDefault - the container runtime default\
+ \ profile should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers. If unspecified,
+ the options from the PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should be run as a
+ 'Host Process' container. All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint of the container
+ process. Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ service:
+ properties:
+ port:
+ type: integer
+ type:
+ type: string
+ required:
+ - port
+ - type
+ type: object
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ targetPendingRequests:
+ type: integer
+ tolerations:
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that
+ matches the triple using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match
+ all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty
+ means match all taint keys. If the key is empty, operator must be Exists;
+ this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid
+ operators are Exists and Equal. Defaults to Equal. Exists is equivalent
+ to wildcard for value, so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration
+ (which must be of effect NoExecute, otherwise this field is ignored) tolerates
+ the taint. By default, it is not set, which means tolerate the taint forever
+ (do not evict). Zero and negative values will be treated as 0 (evict immediately)
+ by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches to. If the
+ operator is Exists, the value should be empty, otherwise just a regular
+ string.
+ type: string
+ type: object
+ type: array
+required:
+- affinity
+- app
+- authzproxy
+- autoscaling
+- bind
+- fullnameOverride
+- gateway
+- image
+- imagePullSecrets
+- keda
+- nameOverride
+- namespace
+- nodeSelector
+- podAnnotations
+- podSecurityContext
+- replicaCount
+- resources
+- securityContext
+- service
+- serviceAccount
+- targetPendingRequests
+- tolerations
+type: object