diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml
new file mode 100644
index 0000000..7b95ebc
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/Chart.yaml
@@ -0,0 +1,10 @@
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3-%RELEASE%
+apiVersion: v2
+appVersion: 0.11.0
+description: Rancher Turtles utility chart for airgap scenarios
+home: https://github.com/rancher/turtles/
+icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
+name: rancher-turtles-airgap-resources
+type: application
+version: 0.3.3
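Review bot: The `icon:` URL points at the mutable `main` branch on `raw.githubusercontent.com`, which is not reachable from the air-gapped installations this chart is meant for and is not pinned to the release being packaged. Point it at a tag- or commit-pinned path, or at a copy served from the internal mirror, so the catalogue entry does not depend on outbound access or on whatever `main` holds later. As a style point, quoting `appVersion: "0.11.0"` and `version: "0.3.3"` makes the string intent explicit; both already parse as strings, so behaviour does not change.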
diff --git a/rancher-turtles-airgap-resources-chart/README.md b/rancher-turtles-airgap-resources-chart/README.md
new file mode 100644
index 0000000..efa3278
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/README.md
@@ -0,0 +1,26 @@
+# Deploy Rancher Turtles in airgapped scenarios
+
+To simplify deployment of the suse-edge rancher-turtles wrapper chart in airgapped scenarios
+this chart deploys the corresponding ConfigMap resources, as described in the
+[Rancher Turtles Documentation](https://turtles.docs.rancher.com/getting-started/air-gapped-environment)
+
+In addition to installing the chart, it will be necessary to adjust the rancher-turtles chart values:
+
+```
+cluster-api-operator:
+ cluster-api:
+ core:
+ fetchConfig:
+ selector: "{\"matchLabels\": {\"provider-components\": \"core\"}}"
+ rke2:
+ bootstrap:
+ fetchConfig:
+ selector: "{\"matchLabels\": {\"provider-components\": \"rke2-bootstrap\"}}"
+ controlPlane:
+ fetchConfig:
+ selector: "{\"matchLabels\": {\"provider-components\": \"rke2-control-plane\"}}"
+ metal3:
+ infrastructure:
+ fetchConfig:
+ selector: "{\"matchLabels\": {\"provider-components\": \"metal3\"}}"
+```
diff --git a/rancher-turtles-airgap-resources-chart/_service b/rancher-turtles-airgap-resources-chart/_service
new file mode 100644
index 0000000..6b8f891
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/_service
@@ -0,0 +1,8 @@
+
+
+
+ Chart.yaml
+ IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)
+ IMG_PREFIX
+
+
diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
new file mode 100644
index 0000000..ea024e6
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ name: capi-system
+---
+apiVersion: v1
+binaryData:
+ components: 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
+data:
+ metadata: |
+ # maps release series of major.minor to cluster-api contract version
+ # the contract version may change between minor or major versions, but *not*
+ # between patch versions.
+ #
+ # update this file only when a new major or minor version is released
+ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+ kind: Metadata
+ releaseSeries:
+ - major: 1
+ minor: 7
+ contract: v1beta1
+ - major: 1
+ minor: 6
+ contract: v1beta1
+ - major: 1
+ minor: 5
+ contract: v1beta1
+ - major: 1
+ minor: 4
+ contract: v1beta1
+ - major: 1
+ minor: 3
+ contract: v1beta1
+ - major: 1
+ minor: 2
+ contract: v1beta1
+ - major: 1
+ minor: 1
+ contract: v1beta1
+ - major: 1
+ minor: 0
+ contract: v1beta1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: v1.7.5
+ namespace: capi-system
+ annotations:
+ provider.cluster.x-k8s.io/compressed: "true"
+ labels:
+ provider-components: core
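Review bot: The `binaryData.components` payload of the `v1.7.5` ConfigMap is a compressed blob (per the `provider.cluster.x-k8s.io/compressed: "true"` annotation), so the manifests it carries cannot be audited from this diff, and nothing in the file records where the blob came from. Add a comment above `binaryData:` naming the upstream artefact and its digest, for example `# components: gzip of the upstream core provider manifest (presumably cluster-api v1.7.5); sha256: <SHA256_OF_UPSTREAM_FILE>`, and preferably generate the blob at build time from a verified download instead of committing it. `creationTimestamp: null` looks like residue from a client-side dry run and can be dropped. The `capi-system` Namespace has no `pod-security.kubernetes.io/enforce` label, unlike `capm3-system` in airgap-cm-metal3.yaml; if that is deliberate, a one-line comment saying why would help the next reviewer.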
diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
new file mode 100644
index 0000000..f5a5409
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
@@ -0,0 +1,4390 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ pod-security.kubernetes.io/enforce: restricted
+ name: capm3-system
+---
+apiVersion: v1
+data:
+ components: |
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ pod-security.kubernetes.io/enforce: restricted
+ name: capm3-system
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1alpha2: v1alpha2
+ cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4
+ cluster.x-k8s.io/v1alpha4: v1alpha5
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: ipaddresses.ipam.metal3.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: ipam.metal3.io
+ names:
+ categories:
+ - metal3
+ kind: IPAddress
+ listKind: IPAddressList
+ plural: ipaddresses
+ shortNames:
+ - ipa
+ - ipaddress
+ - m3ipa
+ - m3ipaddress
+ - m3ipaddresses
+ - metal3ipa
+ - metal3ipaddress
+ - metal3ipaddresses
+ singular: ipaddress
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3IPAddress
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPAddress is the Schema for the ipaddresses API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressSpec defines the desired state of IPAddress.
+ properties:
+ address:
+ description: Address contains the IP address
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ claim:
+ description: Claim points to the object the IPClaim was created for.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dnsServers:
+ description: DNSServers is the list of dns servers
+ items:
+ description: IPAddress is used for validation of an IP address.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ type: array
+ gateway:
+ description: Gateway is the gateway ip address
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ pool:
+ description: Pool is the IPPool this was generated from.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: Prefix is the mask of the network as integer (max 128)
+ maximum: 128
+ type: integer
+ required:
+ - address
+ - claim
+ - pool
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1alpha2: v1alpha2
+ cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4
+ cluster.x-k8s.io/v1alpha4: v1alpha5
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: ipclaims.ipam.metal3.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: ipam.metal3.io
+ names:
+ categories:
+ - cluster-api
+ kind: IPClaim
+ listKind: IPClaimList
+ plural: ipclaims
+ shortNames:
+ - ipc
+ - ipclaim
+ - m3ipc
+ - m3ipclaim
+ - m3ipclaims
+ - metal3ipc
+ - metal3ipclaim
+ - metal3ipclaims
+ singular: ipclaim
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3IPClaim
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPClaim is the Schema for the ipclaims API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPClaimSpec defines the desired state of IPClaim.
+ properties:
+ pool:
+ description: Pool is the IPPool this was generated from.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - pool
+ type: object
+ status:
+ description: IPClaimStatus defines the observed state of IPClaim.
+ properties:
+ address:
+ description: Address is the IPAddress that was generated for this
+ claim.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ errorMessage:
+ description: ErrorMessage contains the error message
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1alpha2: v1alpha2
+ cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4
+ cluster.x-k8s.io/v1alpha4: v1alpha5
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: ippools.ipam.metal3.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: ipam.metal3.io
+ names:
+ categories:
+ - cluster-api
+ kind: IPPool
+ listKind: IPPoolList
+ plural: ippools
+ shortNames:
+ - ipp
+ - ippool
+ - m3ipp
+ - m3ippool
+ - m3ippools
+ - metal3ipp
+ - metal3ippool
+ - metal3ippools
+ singular: ippool
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster to which this template belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Time duration since creation of Metal3IPPool
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPPool is the Schema for the ippools API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPPoolSpec defines the desired state of IPPool.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ type: string
+ dnsServers:
+ description: DNSServers is the list of dns servers
+ items:
+ description: IPAddress is used for validation of an IP address.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ type: array
+ gateway:
+ description: Gateway is the gateway ip address
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ namePrefix:
+ description: namePrefix is the prefix used to generate the IPAddress
+ object names
+ minLength: 1
+ type: string
+ pools:
+ description: Pools contains the list of IP addresses pools
+ items:
+ description: MetaDataIPAddress contains the info to render th ip
+ address. It is IP-version agnostic.
+ properties:
+ dnsServers:
+ description: DNSServers is the list of dns servers
+ items:
+ description: IPAddress is used for validation of an IP address.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ type: array
+ end:
+ description: End is the last IP address that can be rendered.
+ It is used as a validation that the rendered IP is in bound.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ gateway:
+ description: Gateway is the gateway ip address
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ prefix:
+ description: Prefix is the mask of the network as integer (max
+ 128)
+ maximum: 128
+ type: integer
+ start:
+ description: Start is the first ip address that can be rendered
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ subnet:
+ description: Subnet is used to validate that the rendered IP
+ is in bounds. In case the Start value is not given, it is
+ derived from the subnet ip incremented by 1 (`192.168.0.1`
+ for `192.168.0.0/24`)
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$))
+ type: string
+ type: object
+ type: array
+ preAllocations:
+ additionalProperties:
+ description: IPAddress is used for validation of an IP address.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ description: PreAllocations contains the preallocated IP addresses
+ type: object
+ prefix:
+ description: Prefix is the mask of the network as integer (max 128)
+ maximum: 128
+ type: integer
+ required:
+ - namePrefix
+ type: object
+ status:
+ description: IPPoolStatus defines the observed state of IPPool.
+ properties:
+ indexes:
+ additionalProperties:
+ description: IPAddress is used for validation of an IP address.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ description: Allocations contains the map of objects and IP addresses
+ they have
+ type: object
+ lastUpdated:
+ description: LastUpdated identifies when this status was last observed.
+ format: date-time
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3clusters.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3Cluster
+ listKind: Metal3ClusterList
+ plural: metal3clusters
+ shortNames:
+ - m3c
+ - m3cluster
+ - m3clusters
+ - metal3c
+ - metal3cluster
+ singular: metal3cluster
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3Cluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: metal3Cluster is Ready
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Most recent error
+ jsonPath: .status.failureReason
+ name: Error
+ type: string
+ - description: Cluster to which this BMCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Control plane endpoint
+ jsonPath: .spec.controlPlaneEndpoint
+ name: Endpoint
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3Cluster is the Schema for the metal3clusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3ClusterSpec defines the desired state of Metal3Cluster.
+ properties:
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: Host is the hostname on which the API server is serving.
+ type: string
+ port:
+ description: Port is the port on which the API server is serving.
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ noCloudProvider:
+ description: Determines if the cluster is not to be deployed with
+ an external cloud provider. If set to true, CAPM3 will use node
+ labels to set providerID on the kubernetes nodes. If set to false,
+ providerID is set on nodes by other entities and CAPM3 uses the
+ value of the providerID on the m3m resource.
+ type: boolean
+ type: object
+ status:
+ description: Metal3ClusterStatus defines the observed state of Metal3Cluster.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the Metal3Cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: FailureMessage indicates that there is a fatal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a fatal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ lastUpdated:
+ description: LastUpdated identifies when this status was last observed.
+ format: date-time
+ type: string
+ ready:
+ description: Ready denotes that the Metal3 cluster (infrastructure)
+ is ready. In Baremetal case, it does not mean anything for now as
+ no infrastructure steps need to be performed. Required by Cluster
+ API. Set to True by the metal3Cluster controller after creation.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3dataclaims.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3DataClaim
+ listKind: Metal3DataClaimList
+ plural: metal3dataclaims
+ shortNames:
+ - m3dc
+ - m3dataclaim
+ - m3dataclaims
+ - metal3dc
+ - metal3dataclaim
+ singular: metal3dataclaim
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3DataClaim
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3DataClaim is the Schema for the metal3datas API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3DataClaimSpec defines the desired state of Metal3DataClaim.
+ properties:
+ template:
+ description: Template is the Metal3DataTemplate this was generated
+ for.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - template
+ type: object
+ status:
+ description: Metal3DataClaimStatus defines the observed state of Metal3DataClaim.
+ properties:
+ errorMessage:
+ description: ErrorMessage contains the error message
+ type: string
+ renderedData:
+ description: RenderedData references the Metal3Data when ready
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ clusterctl.cluster.x-k8s.io/skip-crd-name-preflight-check: ""
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3datas.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3Data
+ listKind: Metal3DataList
+ plural: metal3datas
+ shortNames:
+ - m3d
+ - m3data
+ - m3datas
+ - metal3d
+ - metal3data
+ singular: metal3data
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3Data
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3Data is the Schema for the metal3datas API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3DataSpec defines the desired state of Metal3Data.
+ properties:
+ claim:
+ description: DataClaim points to the Metal3DataClaim the Metal3Data
+ was created for.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ index:
+ description: Index stores the index value of this instance in the
+ Metal3DataTemplate.
+ type: integer
+ metaData:
+ description: MetaData points to the rendered MetaData secret.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ networkData:
+ description: NetworkData points to the rendered NetworkData secret.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: DataTemplate is the Metal3DataTemplate this was generated
+ from.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ templateReference:
+ description: TemplateReference refers to the Template the Metal3MachineTemplate
+ refers to. It can be matched against the key or it may also point
+ to the name of the template Metal3Data refers to
+ type: string
+ required:
+ - claim
+ - template
+ type: object
+ status:
+ description: Metal3DataStatus defines the observed state of Metal3Data.
+ properties:
+ errorMessage:
+ description: ErrorMessage contains the error message
+ type: string
+ ready:
+ description: Ready is a flag set to True if the secrets were rendered
+ properly
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3datatemplates.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3DataTemplate
+ listKind: Metal3DataTemplateList
+ plural: metal3datatemplates
+ shortNames:
+ - m3dt
+ - m3datatemplate
+ - m3datatemplates
+ - metal3dt
+ - metal3datatemplate
+ singular: metal3datatemplate
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster to which this template belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Time duration since creation of Metal3DataTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3DataTemplate is the Schema for the metal3datatemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3DataTemplateSpec defines the desired state of Metal3DataTemplate.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ metaData:
+ description: MetaData contains the information needed to generate
+ the metadata secret
+ properties:
+ dnsServersFromIPPool:
+ description: DNSServersFromPool is the list of metadata items
+ to be rendered as dns servers.
+ items:
+ properties:
+ apiGroup:
+ description: APIGroup is the api group of the IP pool.
+ type: string
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ kind:
+ description: Kind is the kind of the IP pool
+ type: string
+ name:
+ description: Name is the name of the IP pool used to fetch
+ the value to set in the metadata map for cloud-init
+ type: string
+ required:
+ - apiGroup
+ - key
+ - kind
+ - name
+ type: object
+ type: array
+ fromAnnotations:
+ description: FromAnnotations is the list of metadata items to
+ be fetched from object Annotations
+ items:
+ description: MetaDataFromAnnotation contains the information
+ to fetch an annotation content, if the label does not exist,
+ it is rendered as empty string.
+ properties:
+ annotation:
+ description: Annotation is the key of the Annotation to
+ fetch
+ type: string
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ object:
+ description: Object is the type of the object from which
+ we retrieve the name
+ enum:
+ - machine
+ - metal3machine
+ - baremetalhost
+ type: string
+ required:
+ - annotation
+ - key
+ - object
+ type: object
+ type: array
+ fromHostInterfaces:
+ description: FromHostInterfaces is the list of metadata items
+ to be rendered as MAC addresses of the host interfaces.
+ items:
+ description: MetaDataHostInterface contains the information
+ to render the object name.
+ properties:
+ interface:
+ description: Interface is the name of the interface in the
+ BareMetalHost Status Hardware Details list of interfaces
+ from which to fetch the MAC address.
+ type: string
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ required:
+ - interface
+ - key
+ type: object
+ type: array
+ fromLabels:
+ description: FromLabels is the list of metadata items to be fetched
+ from object labels
+ items:
+ description: MetaDataFromLabel contains the information to fetch
+ a label content, if the label does not exist, it is rendered
+ as empty string.
+ properties:
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ label:
+ description: Label is the key of the label to fetch
+ type: string
+ object:
+ description: Object is the type of the object from which
+ we retrieve the name
+ enum:
+ - machine
+ - metal3machine
+ - baremetalhost
+ type: string
+ required:
+ - key
+ - label
+ - object
+ type: object
+ type: array
+ gatewaysFromIPPool:
+ description: GatewaysFromPool is the list of metadata items to
+ be rendered as gateway addresses.
+ items:
+ properties:
+ apiGroup:
+ description: APIGroup is the api group of the IP pool.
+ type: string
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ kind:
+ description: Kind is the kind of the IP pool
+ type: string
+ name:
+ description: Name is the name of the IP pool used to fetch
+ the value to set in the metadata map for cloud-init
+ type: string
+ required:
+ - apiGroup
+ - key
+ - kind
+ - name
+ type: object
+ type: array
+ indexes:
+ description: Indexes is the list of metadata items to be rendered
+ from the index of the Metal3Data
+ items:
+ description: MetaDataIndex contains the information to render
+ the index.
+ properties:
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ offset:
+ description: Offset is the offset to apply to the index
+ when rendering it
+ type: integer
+ prefix:
+ description: Prefix is the prefix string
+ type: string
+ step:
+ default: 1
+ description: Step is the multiplier of the index
+ type: integer
+ suffix:
+ description: Suffix is the suffix string
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ ipAddressesFromIPPool:
+ description: IPAddressesFromPool is the list of metadata items
+ to be rendered as ip addresses.
+ items:
+ properties:
+ apiGroup:
+ description: APIGroup is the api group of the IP pool.
+ type: string
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ kind:
+ description: Kind is the kind of the IP pool
+ type: string
+ name:
+ description: Name is the name of the IP pool used to fetch
+ the value to set in the metadata map for cloud-init
+ type: string
+ required:
+ - apiGroup
+ - key
+ - kind
+ - name
+ type: object
+ type: array
+ namespaces:
+ description: Namespaces is the list of metadata items to be rendered
+ from the namespace
+ items:
+ description: MetaDataNamespace contains the information to render
+ the namespace.
+ properties:
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ objectNames:
+ description: ObjectNames is the list of metadata items to be rendered
+ from the name of objects.
+ items:
+ description: MetaDataObjectName contains the information to
+ render the object name.
+ properties:
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ object:
+ description: Object is the type of the object from which
+ we retrieve the name
+ enum:
+ - machine
+ - metal3machine
+ - baremetalhost
+ type: string
+ required:
+ - key
+ - object
+ type: object
+ type: array
+ prefixesFromIPPool:
+ description: PrefixesFromPool is the list of metadata items to
+ be rendered as network prefixes.
+ items:
+ properties:
+ apiGroup:
+ description: APIGroup is the api group of the IP pool.
+ type: string
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ kind:
+ description: Kind is the kind of the IP pool
+ type: string
+ name:
+ description: Name is the name of the IP pool used to fetch
+ the value to set in the metadata map for cloud-init
+ type: string
+ required:
+ - apiGroup
+ - key
+ - kind
+ - name
+ type: object
+ type: array
+ strings:
+ description: Strings is the list of metadata items to be rendered
+ from strings
+ items:
+ description: MetaDataString contains the information to render
+ the string.
+ properties:
+ key:
+ description: Key will be used as the key to set in the metadata
+ map for cloud-init
+ type: string
+ value:
+ description: Value is the string to render.
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ type: object
+ networkData:
+ description: NetworkData contains the information needed to generate
+ the networkdata secret
+ properties:
+ links:
+ description: Links is a structure containing lists of different
+ types objects
+ properties:
+ bonds:
+ description: Bonds contains a list of Bond links
+ items:
+ description: NetworkDataLinkBond represents a bond link
+ object.
+ properties:
+ bondLinks:
+ description: BondLinks is the list of links that are
+ part of the bond.
+ items:
+ type: string
+ type: array
+ bondMode:
+ description: BondMode is the mode of bond used. It can
+ be one of balance-rr, active-backup, balance-xor,
+ broadcast, balance-tlb, balance-alb, 802.3ad
+ enum:
+ - balance-rr
+ - active-backup
+ - balance-xor
+ - broadcast
+ - balance-tlb
+ - balance-alb
+ - 802.3ad
+ type: string
+ bondXmitHashPolicy:
+ description: Selects the transmit hash policy used for
+ port selection in balance-xor and 802.3ad modes
+ enum:
+ - layer2
+ - layer3+4
+ - layer2+3
+ type: string
+ id:
+ description: Id is the ID of the interface (used for
+ naming)
+ type: string
+ macAddress:
+ description: MACAddress is the MAC address of the interface,
+ containing the object used to render it.
+ properties:
+ fromAnnotation:
+ description: FromAnnotation references an object
+ Annotation to retrieve the MAC address from
+ properties:
+ annotation:
+ description: Annotation is the key of the Annotation
+ to fetch
+ type: string
+ object:
+ description: Object is the type of the object
+ from which we retrieve the name
+ enum:
+ - machine
+ - metal3machine
+ - baremetalhost
+ type: string
+ required:
+ - annotation
+ - object
+ type: object
+ fromHostInterface:
+ description: FromHostInterface contains the name
+ of the interface in the BareMetalHost Introspection
+ details from which to fetch the MAC address
+ type: string
+ string:
+ description: String contains the MAC address given
+ as a string
+ type: string
+ type: object
+ mtu:
+ default: 1500
+ description: MTU is the MTU of the interface
+ maximum: 9000
+ type: integer
+ required:
+ - bondMode
+ - id
+ - macAddress
+ type: object
+ type: array
+ ethernets:
+ description: Ethernets contains a list of Ethernet links
+ items:
+ description: NetworkDataLinkEthernet represents an ethernet
+ link object.
+ properties:
+ id:
+ description: Id is the ID of the interface (used for
+ naming)
+ type: string
+ macAddress:
+ description: MACAddress is the MAC address of the interface,
+ containing the object used to render it.
+ properties:
+ fromAnnotation:
+ description: FromAnnotation references an object
+ Annotation to retrieve the MAC address from
+ properties:
+ annotation:
+ description: Annotation is the key of the Annotation
+ to fetch
+ type: string
+ object:
+ description: Object is the type of the object
+ from which we retrieve the name
+ enum:
+ - machine
+ - metal3machine
+ - baremetalhost
+ type: string
+ required:
+ - annotation
+ - object
+ type: object
+ fromHostInterface:
+ description: FromHostInterface contains the name
+ of the interface in the BareMetalHost Introspection
+ details from which to fetch the MAC address
+ type: string
+ string:
+ description: String contains the MAC address given
+ as a string
+ type: string
+ type: object
+ mtu:
+ default: 1500
+ description: MTU is the MTU of the interface
+ maximum: 9000
+ type: integer
+ type:
+ description: 'Type is the type of the ethernet link.
+ It can be one of: bridge, dvs, hw_veb, hyperv, ovs,
+ tap, vhostuser, vif, phy'
+ enum:
+ - bridge
+ - dvs
+ - hw_veb
+ - hyperv
+ - ovs
+ - tap
+ - vhostuser
+ - vif
+ - phy
+ type: string
+ required:
+ - id
+ - macAddress
+ - type
+ type: object
+ type: array
+ vlans:
+ description: Vlans contains a list of Vlan links
+ items:
+ description: NetworkDataLinkVlan represents a vlan link
+ object.
+ properties:
+ id:
+ description: Id is the ID of the interface (used for
+ naming)
+ type: string
+ macAddress:
+ description: MACAddress is the MAC address of the interface,
+ containing the object used to render it.
+ properties:
+ fromAnnotation:
+ description: FromAnnotation references an object
+ Annotation to retrieve the MAC address from
+ properties:
+ annotation:
+ description: Annotation is the key of the Annotation
+ to fetch
+ type: string
+ object:
+ description: Object is the type of the object
+ from which we retrieve the name
+ enum:
+ - machine
+ - metal3machine
+ - baremetalhost
+ type: string
+ required:
+ - annotation
+ - object
+ type: object
+ fromHostInterface:
+ description: FromHostInterface contains the name
+ of the interface in the BareMetalHost Introspection
+ details from which to fetch the MAC address
+ type: string
+ string:
+ description: String contains the MAC address given
+ as a string
+ type: string
+ type: object
+ mtu:
+ default: 1500
+ description: MTU is the MTU of the interface
+ maximum: 9000
+ type: integer
+ vlanID:
+ description: VlanID is the Vlan ID
+ maximum: 4096
+ type: integer
+ vlanLink:
+ description: VlanLink is the name of the link on which
+ the vlan should be added
+ type: string
+ required:
+ - id
+ - macAddress
+ - vlanID
+ - vlanLink
+ type: object
+ type: array
+ type: object
+ networks:
+ description: Networks is a structure containing lists of different
+ types objects
+ properties:
+ ipv4:
+ description: IPv4 contains a list of IPv4 static allocations
+ items:
+ description: NetworkDataIPv4 represents an ipv4 static network
+ object.
+ properties:
+ fromPoolRef:
+ description: FromPoolRef is a reference to a IP pool
+ to allocate an address from.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ id:
+ description: ID is the network ID (name)
+ type: string
+ ipAddressFromIPPool:
+ description: IPAddressFromIPPool contains the name of
+ the IP pool to use to get an ip address
+ type: string
+ link:
+ description: Link is the link on which the network applies
+ type: string
+ routes:
+ description: Routes contains a list of IPv4 routes
+ items:
+ description: NetworkDataRoutev4 represents an ipv4
+ route object.
+ properties:
+ gateway:
+ description: Gateway is the IPv4 address of the
+ gateway
+ properties:
+ fromIPPool:
+ description: FromIPPool is the name of the
+ IPPool to fetch the gateway from
+ type: string
+ string:
+ description: String is the gateway given as
+ a string
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$
+ type: string
+ type: object
+ network:
+ description: Network is the IPv4 network address
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$
+ type: string
+ prefix:
+ description: Prefix is the mask of the network
+ as integer (max 32)
+ maximum: 32
+ type: integer
+ services:
+ description: Services is a list of IPv4 services
+ properties:
+ dns:
+ description: DNS is a list of IPv4 DNS services
+ items:
+ description: IPAddressv4 is used for validation
+ of an IPv6 address.
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$
+ type: string
+ type: array
+ dnsFromIPPool:
+ description: DNSFromIPPool is the name of
+ the IPPool from which to get the DNS servers
+ type: string
+ type: object
+ required:
+ - gateway
+ - network
+ type: object
+ type: array
+ required:
+ - id
+ - link
+ type: object
+ type: array
+ ipv4DHCP:
+ description: IPv4 contains a list of IPv4 DHCP allocations
+ items:
+ description: NetworkDataIPv4DHCP represents an ipv4 DHCP
+ network object.
+ properties:
+ id:
+ description: ID is the network ID (name)
+ type: string
+ link:
+ description: Link is the link on which the network applies
+ type: string
+ routes:
+ description: Routes contains a list of IPv4 routes
+ items:
+ description: NetworkDataRoutev4 represents an ipv4
+ route object.
+ properties:
+ gateway:
+ description: Gateway is the IPv4 address of the
+ gateway
+ properties:
+ fromIPPool:
+ description: FromIPPool is the name of the
+ IPPool to fetch the gateway from
+ type: string
+ string:
+ description: String is the gateway given as
+ a string
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$
+ type: string
+ type: object
+ network:
+ description: Network is the IPv4 network address
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$
+ type: string
+ prefix:
+ description: Prefix is the mask of the network
+ as integer (max 32)
+ maximum: 32
+ type: integer
+ services:
+ description: Services is a list of IPv4 services
+ properties:
+ dns:
+ description: DNS is a list of IPv4 DNS services
+ items:
+ description: IPAddressv4 is used for validation
+ of an IPv6 address.
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$
+ type: string
+ type: array
+ dnsFromIPPool:
+ description: DNSFromIPPool is the name of
+ the IPPool from which to get the DNS servers
+ type: string
+ type: object
+ required:
+ - gateway
+ - network
+ type: object
+ type: array
+ required:
+ - id
+ - link
+ type: object
+ type: array
+ ipv6:
+ description: IPv4 contains a list of IPv6 static allocations
+ items:
+ description: NetworkDataIPv6 represents an ipv6 static network
+ object.
+ properties:
+ fromPoolRef:
+ description: FromPoolRef is a reference to a IP pool
+ to allocate an address from.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ id:
+ description: ID is the network ID (name)
+ type: string
+ ipAddressFromIPPool:
+ description: IPAddressFromIPPool contains the name of
+ the IPPool to use to get an ip address
+ type: string
+ link:
+ description: Link is the link on which the network applies
+ type: string
+ routes:
+ description: Routes contains a list of IPv6 routes
+ items:
+ description: NetworkDataRoutev6 represents an ipv6
+ route object.
+ properties:
+ gateway:
+ description: Gateway is the IPv6 address of the
+ gateway
+ properties:
+ fromIPPool:
+ description: FromIPPool is the name of the
+ IPPool to fetch the gateway from
+ type: string
+ string:
+ description: String is the gateway given as
+ a string
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ type: object
+ network:
+ description: Network is the IPv6 network address
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ prefix:
+ description: Prefix is the mask of the network
+ as integer (max 128)
+ maximum: 128
+ type: integer
+ services:
+ description: Services is a list of IPv6 services
+ properties:
+ dns:
+ description: DNS is a list of IPv6 DNS services
+ items:
+ description: IPAddressv6 is used for validation
+ of an IPv6 address.
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ type: array
+ dnsFromIPPool:
+ description: DNSFromIPPool is the name of
+ the IPPool from which to get the DNS servers
+ type: string
+ type: object
+ required:
+ - gateway
+ - network
+ type: object
+ type: array
+ required:
+ - id
+ - ipAddressFromIPPool
+ - link
+ type: object
+ type: array
+ ipv6DHCP:
+ description: IPv4 contains a list of IPv6 DHCP allocations
+ items:
+ description: NetworkDataIPv6DHCP represents an ipv6 DHCP
+ network object.
+ properties:
+ id:
+ description: ID is the network ID (name)
+ type: string
+ link:
+ description: Link is the link on which the network applies
+ type: string
+ routes:
+ description: Routes contains a list of IPv6 routes
+ items:
+ description: NetworkDataRoutev6 represents an ipv6
+ route object.
+ properties:
+ gateway:
+ description: Gateway is the IPv6 address of the
+ gateway
+ properties:
+ fromIPPool:
+ description: FromIPPool is the name of the
+ IPPool to fetch the gateway from
+ type: string
+ string:
+ description: String is the gateway given as
+ a string
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ type: object
+ network:
+ description: Network is the IPv6 network address
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ prefix:
+ description: Prefix is the mask of the network
+ as integer (max 128)
+ maximum: 128
+ type: integer
+ services:
+ description: Services is a list of IPv6 services
+ properties:
+ dns:
+ description: DNS is a list of IPv6 DNS services
+ items:
+ description: IPAddressv6 is used for validation
+ of an IPv6 address.
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ type: array
+ dnsFromIPPool:
+ description: DNSFromIPPool is the name of
+ the IPPool from which to get the DNS servers
+ type: string
+ type: object
+ required:
+ - gateway
+ - network
+ type: object
+ type: array
+ required:
+ - id
+ - link
+ type: object
+ type: array
+ ipv6SLAAC:
+ description: IPv4 contains a list of IPv6 SLAAC allocations
+ items:
+ description: NetworkDataIPv6DHCP represents an ipv6 DHCP
+ network object.
+ properties:
+ id:
+ description: ID is the network ID (name)
+ type: string
+ link:
+ description: Link is the link on which the network applies
+ type: string
+ routes:
+ description: Routes contains a list of IPv6 routes
+ items:
+ description: NetworkDataRoutev6 represents an ipv6
+ route object.
+ properties:
+ gateway:
+ description: Gateway is the IPv6 address of the
+ gateway
+ properties:
+ fromIPPool:
+ description: FromIPPool is the name of the
+ IPPool to fetch the gateway from
+ type: string
+ string:
+ description: String is the gateway given as
+ a string
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ type: object
+ network:
+ description: Network is the IPv6 network address
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ prefix:
+ description: Prefix is the mask of the network
+ as integer (max 128)
+ maximum: 128
+ type: integer
+ services:
+ description: Services is a list of IPv6 services
+ properties:
+ dns:
+ description: DNS is a list of IPv6 DNS services
+ items:
+ description: IPAddressv6 is used for validation
+ of an IPv6 address.
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$
+ type: string
+ type: array
+ dnsFromIPPool:
+ description: DNSFromIPPool is the name of
+ the IPPool from which to get the DNS servers
+ type: string
+ type: object
+ required:
+ - gateway
+ - network
+ type: object
+ type: array
+ required:
+ - id
+ - link
+ type: object
+ type: array
+ type: object
+ services:
+ description: Services is a structure containing lists of different
+ types objects
+ properties:
+ dns:
+ description: DNS is a list of DNS services
+ items:
+ description: IPAddress is used for validation of an IP address.
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$))
+ type: string
+ type: array
+ dnsFromIPPool:
+ description: DNSFromIPPool is the name of the IPPool from
+ which to get the DNS servers
+ type: string
+ type: object
+ type: object
+ templateReference:
+ description: TemplateReference refers to the Template the Metal3MachineTemplate
+ refers to. It can be matched against the key or it may also point
+ to the name of the template Metal3Data refers to
+ type: string
+ required:
+ - clusterName
+ type: object
+ status:
+ description: Metal3DataTemplateStatus defines the observed state of Metal3DataTemplate.
+ properties:
+ indexes:
+ additionalProperties:
+ type: integer
+ description: Indexes contains the map of Metal3Machine and index used
+ type: object
+ lastUpdated:
+ description: LastUpdated identifies when this status was last observed.
+ format: date-time
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3machines.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3Machine
+ listKind: Metal3MachineList
+ plural: metal3machines
+ shortNames:
+ - m3m
+ - m3machine
+ - m3machines
+ - metal3m
+ - metal3machine
+ singular: metal3machine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3Machine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: metal3machine is Ready
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Cluster to which this M3Machine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: metal3machine current phase
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3Machine is the Schema for the metal3machines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3MachineSpec defines the desired state of Metal3Machine.
+ properties:
+ automatedCleaningMode:
+ description: When set to disabled, automated cleaning of host disks
+ will be skipped during provisioning and deprovisioning.
+ enum:
+ - metadata
+ - disabled
+ type: string
+ dataTemplate:
+ description: MetadataTemplate is a reference to a Metal3DataTemplate
+ object containing a template of metadata to be rendered. Metadata
+ keys defined in the metadataTemplate take precedence over keys defined
+ in metadata field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ hostSelector:
+ description: HostSelector specifies matching criteria for labels on
+ BareMetalHosts. This is used to limit the set of BareMetalHost objects
+ considered for claiming for a metal3machine.
+ properties:
+ matchExpressions:
+ description: Label match expressions that must be true on a chosen
+ BareMetalHost
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ description: Operator represents a key/field's relationship
+ to value(s). See labels.Requirement and fields.Requirement
+ for more details.
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ - values
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: Key/value pairs of labels that must exist on a chosen
+ BareMetalHost
+ type: object
+ type: object
+ image:
+ description: Image is the image to be provisioned.
+ properties:
+ checksum:
+ description: Checksum is a md5sum, sha256sum or sha512sum value
+ or a URL to retrieve one.
+ type: string
+ checksumType:
+ description: ChecksumType is the checksum algorithm for the image.
+ e.g md5, sha256, sha512
+ enum:
+ - md5
+ - sha256
+ - sha512
+ type: string
+ format:
+ description: DiskFormat contains the image disk format.
+ enum:
+ - raw
+ - qcow2
+ - vdi
+ - vmdk
+ - live-iso
+ type: string
+ url:
+ description: URL is a location of an image to deploy.
+ type: string
+ required:
+ - checksum
+ - url
+ type: object
+ metaData:
+ description: MetaData is an object storing the reference to the secret
+ containing the Metadata given by the user.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ networkData:
+ description: NetworkData is an object storing the reference to the
+ secret containing the network data given by the user.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ providerID:
+ description: ProviderID will be the Metal3 machine in ProviderID format
+ (metal3://)
+ type: string
+ userData:
+ description: UserData references the Secret that holds user data needed
+ by the bare metal operator. The Namespace is optional; it will default
+ to the metal3machine's namespace if not specified.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - image
+ type: object
+ status:
+ description: Metal3MachineStatus defines the observed state of Metal3Machine.
+ properties:
+ addresses:
+ description: Addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP,
+ InternalIP, ExternalDNS or InternalDNS.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions defines current service state of the Metal3Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the metal3machine and will contain
+ a more verbose string suitable for logging and human consumption.
+ \n This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the metal3machine's spec or the configuration of the
+ controller, and that manual intervention is required. Examples of
+ terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the responsible
+ controller itself being critically misconfigured. \n Any transient
+ errors that occur during the reconciliation of metal3machines can
+ be added as events to the metal3machine object and/or logged in
+ the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the metal3machine and will contain
+ a succinct value suitable for machine interpretation. \n This field
+ should not be set for transitive errors that a controller faces
+ that are expected to be fixed automatically over time (like service
+ outages), but instead indicate that something is fundamentally wrong
+ with the metal3machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of metal3machines can be added as
+ events to the metal3machine object and/or logged in the controller's
+ output."
+ type: string
+ lastUpdated:
+ description: LastUpdated identifies when this status was last observed.
+ format: date-time
+ type: string
+ metaData:
+ description: MetaData is an object storing the reference to the secret
+ containing the Metadata used to deploy the BareMetalHost.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ networkData:
+ description: NetworkData is an object storing the reference to the
+ secret containing the network data used to deploy the BareMetalHost.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ phase:
+ description: Phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ ready:
+ description: 'Ready is the state of the metal3. TODO : Document the
+ variable : mhrivnak: " it would be good to document what this means,
+ how to interpret it, under what circumstances the value changes,
+ etc."'
+ type: boolean
+ renderedData:
+ description: RenderedData is a reference to a rendered Metal3Data
+ object containing the references to metaData and networkData secrets.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ userData:
+ description: UserData references the Secret that holds user data needed
+ by the bare metal operator. The Namespace is optional; it will default
+ to the metal3machine's namespace if not specified.
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3machinetemplates.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3MachineTemplate
+ listKind: Metal3MachineTemplateList
+ plural: metal3machinetemplates
+ shortNames:
+ - m3mt
+ - m3machinetemplate
+ - m3machinetemplates
+ - metal3mt
+ - metal3machinetemplate
+ singular: metal3machinetemplate
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Metal3MachineTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3MachineTemplate is the Schema for the metal3machinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate.
+ properties:
+ nodeReuse:
+ default: false
+ description: When set to True, CAPM3 Machine controller will pick
+ the same pool of BMHs' that were released during the upgrade operation.
+ type: boolean
+ template:
+ description: Metal3MachineTemplateResource describes the data needed
+ to create a Metal3Machine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ automatedCleaningMode:
+ description: When set to disabled, automated cleaning of host
+ disks will be skipped during provisioning and deprovisioning.
+ enum:
+ - metadata
+ - disabled
+ type: string
+ dataTemplate:
+ description: MetadataTemplate is a reference to a Metal3DataTemplate
+ object containing a template of metadata to be rendered.
+ Metadata keys defined in the metadataTemplate take precedence
+ over keys defined in metadata field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ hostSelector:
+ description: HostSelector specifies matching criteria for
+ labels on BareMetalHosts. This is used to limit the set
+ of BareMetalHost objects considered for claiming for a metal3machine.
+ properties:
+ matchExpressions:
+ description: Label match expressions that must be true
+ on a chosen BareMetalHost
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ description: Operator represents a key/field's relationship
+ to value(s). See labels.Requirement and fields.Requirement
+ for more details.
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ - values
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: Key/value pairs of labels that must exist
+ on a chosen BareMetalHost
+ type: object
+ type: object
+ image:
+ description: Image is the image to be provisioned.
+ properties:
+ checksum:
+ description: Checksum is a md5sum, sha256sum or sha512sum
+ value or a URL to retrieve one.
+ type: string
+ checksumType:
+ description: ChecksumType is the checksum algorithm for
+ the image. e.g md5, sha256, sha512
+ enum:
+ - md5
+ - sha256
+ - sha512
+ type: string
+ format:
+ description: DiskFormat contains the image disk format.
+ enum:
+ - raw
+ - qcow2
+ - vdi
+ - vmdk
+ - live-iso
+ type: string
+ url:
+ description: URL is a location of an image to deploy.
+ type: string
+ required:
+ - checksum
+ - url
+ type: object
+ metaData:
+ description: MetaData is an object storing the reference to
+ the secret containing the Metadata given by the user.
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ networkData:
+ description: NetworkData is an object storing the reference
+ to the secret containing the network data given by the user.
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ providerID:
+ description: ProviderID will be the Metal3 machine in ProviderID
+ format (metal3://)
+ type: string
+ userData:
+ description: UserData references the Secret that holds user
+ data needed by the bare metal operator. The Namespace is
+ optional; it will default to the metal3machine's namespace
+ if not specified.
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - image
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3remediations.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3Remediation
+ listKind: Metal3RemediationList
+ plural: metal3remediations
+ shortNames:
+ - m3r
+ - m3remediation
+ singular: metal3remediation
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: How many times remediation controller should attempt to remediate
+ the host
+ jsonPath: .spec.strategy.retryLimit
+ name: Retry limit
+ type: string
+ - description: How many times remediation controller has tried to remediate the
+ node
+ jsonPath: .status.retryCount
+ name: Retry count
+ type: string
+ - description: Timestamp of the last remediation attempt
+ jsonPath: .status.lastRemediated
+ name: Last Remediated
+ type: string
+ - description: Type of the remediation strategy
+ jsonPath: .spec.strategy.type
+ name: Strategy
+ type: string
+ - description: Phase of the remediation
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3Remediation is the Schema for the metal3remediations API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3RemediationSpec defines the desired state of Metal3Remediation.
+ properties:
+ strategy:
+ description: Strategy field defines remediation strategy.
+ properties:
+ retryLimit:
+ description: Sets maximum number of remediation retries.
+ type: integer
+ timeout:
+ description: Sets the timeout between remediation retries.
+ type: string
+ type:
+ description: Type of remediation.
+ type: string
+ type: object
+ type: object
+ status:
+ description: Metal3RemediationStatus defines the observed state of Metal3Remediation.
+ properties:
+ lastRemediated:
+ description: LastRemediated identifies when the host was last remediated
+ format: date-time
+ type: string
+ phase:
+ description: Phase represents the current phase of machine remediation.
+ E.g. Pending, Running, Done etc.
+ type: string
+ retryCount:
+ description: RetryCount can be used as a counter during the remediation.
+ Field can hold number of reboots etc.
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Metal3RemediationTemplate
+ listKind: Metal3RemediationTemplateList
+ plural: metal3remediationtemplates
+ shortNames:
+ - m3rt
+ - m3remediationtemplate
+ - m3remediationtemplates
+ - metal3rt
+ - metal3remediationtemplate
+ singular: metal3remediationtemplate
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Metal3RemediationTemplate is the Schema for the metal3remediationtemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Metal3RemediationTemplateSpec defines the desired state of
+ Metal3RemediationTemplate.
+ properties:
+ template:
+ description: Metal3RemediationTemplateResource describes the data
+ needed to create a Metal3Remediation from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the Metal3Remediation.
+ properties:
+ strategy:
+ description: Strategy field defines remediation strategy.
+ properties:
+ retryLimit:
+ description: Sets maximum number of remediation retries.
+ type: integer
+ timeout:
+ description: Sets the timeout between remediation retries.
+ type: string
+ type:
+ description: Type of remediation.
+ type: string
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ status:
+ description: Metal3RemediationTemplateStatus defines the observed state
+ of Metal3RemediationTemplate.
+ properties:
+ status:
+ description: Metal3RemediationStatus defines the observed state of
+ Metal3Remediation
+ properties:
+ lastRemediated:
+ description: LastRemediated identifies when the host was last
+ remediated
+ format: date-time
+ type: string
+ phase:
+ description: Phase represents the current phase of machine remediation.
+ E.g. Pending, Running, Done etc.
+ type: string
+ retryCount:
+ description: RetryCount can be used as a counter during the remediation.
+ Field can hold number of reboots etc.
+ type: integer
+ type: object
+ required:
+ - status
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-manager
+ namespace: capm3-system
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-manager
+ namespace: capm3-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-leader-election-role
+ namespace: capm3-system
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-leader-election-role
+ namespace: capm3-system
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-manager-role
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters/status
+ verbs:
+ - get
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - kubeadmcontrolplanes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3clusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3clusters/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3dataclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3dataclaims/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3datas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3datas/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3datatemplates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3datatemplates/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3machines
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3machines/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3machinetemplates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3remediations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - metal3remediations/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims/status
+ verbs:
+ - get
+ - watch
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddresses/status
+ verbs:
+ - get
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipaddresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipaddresses/status
+ verbs:
+ - get
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipclaims/status
+ verbs:
+ - get
+ - watch
+ - apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts/status
+ verbs:
+ - get
+ - patch
+ - update
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-manager-role
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters/status
+ verbs:
+ - get
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipaddresses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipaddresses/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ipclaims/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ippools
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ipam.metal3.io
+ resources:
+ - ippools/status
+ verbs:
+ - get
+ - patch
+ - update
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-leader-election-rolebinding
+ namespace: capm3-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capm3-leader-election-role
+ subjects:
+ - kind: ServiceAccount
+ name: capm3-manager
+ namespace: capm3-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-leader-election-rolebinding
+ namespace: capm3-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ipam-leader-election-role
+ subjects:
+ - kind: ServiceAccount
+ name: ipam-manager
+ namespace: capm3-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-manager-rolebinding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capm3-manager-role
+ subjects:
+ - kind: ServiceAccount
+ name: capm3-manager
+ namespace: capm3-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-manager-rolebinding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ipam-manager-role
+ subjects:
+ - kind: ServiceAccount
+ name: ipam-manager
+ namespace: capm3-system
+ ---
+ apiVersion: v1
+ data:
+ CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'}
+ kind: ConfigMap
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-capm3fasttrack-configmap
+ namespace: capm3-system
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-webhook-service
+ namespace: capm3-system
+ spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-webhook-service
+ namespace: capm3-system
+ spec:
+ ports:
+ - port: 443
+ targetPort: ipam-webhook
+ selector:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ name: capm3-controller-manager
+ namespace: capm3-system
+ spec:
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ template:
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ spec:
+ containers:
+ - args:
+ - --webhook-port=9443
+ - --enableBMHNameBasedPreallocation=${enableBMHNameBasedPreallocation:=false}
+ - --diagnostics-address=${CAPM3_DIAGNOSTICS_ADDRESS:=:8443}
+ - --insecure-diagnostics=${CAPM3_INSECURE_DIAGNOSTICS:=false}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: capm3-capm3fasttrack-configmap
+ image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capm3-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capm3-webhook-service-cert
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ name: ipam-controller-manager
+ namespace: capm3-system
+ spec:
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ template:
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ spec:
+ containers:
+ - args:
+ - --webhook-port=9443
+ - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443}
+ - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: quay.io/metal3-io/ip-address-manager:v1.7.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: ipam-webhook
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: ipam-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: ipam-webhook-service-cert
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-serving-cert
+ namespace: capm3-system
+ spec:
+ dnsNames:
+ - capm3-webhook-service.capm3-system.svc
+ - capm3-webhook-service.capm3-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capm3-selfsigned-issuer
+ secretName: capm3-webhook-service-cert
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-serving-cert
+ namespace: capm3-system
+ spec:
+ dnsNames:
+ - ipam-webhook-service.capm3-system.svc
+ - ipam-webhook-service.capm3-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: ipam-selfsigned-issuer
+ secretName: ipam-webhook-service-cert
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Issuer
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-selfsigned-issuer
+ namespace: capm3-system
+ spec:
+ selfSigned: {}
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Issuer
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-selfsigned-issuer
+ namespace: capm3-system
+ spec:
+ selfSigned: {}
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-mutating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3cluster.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3clusters
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3data.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3datas
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3dataclaim.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3dataclaims
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3datatemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3datatemplates
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3machine.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3machines
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3machinetemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3machinetemplates
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3remediation.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3remediations
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.metal3remediationtemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3remediationtemplates
+ sideEffects: None
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-mutating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /mutate-ipam-metal3-io-v1alpha1-ipaddress
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.ipaddress.ipam.metal3.io
+ rules:
+ - apiGroups:
+ - ipam.metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipaddresses
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /mutate-ipam-metal3-io-v1alpha1-ipclaim
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.ipclaim.ipam.metal3.io
+ rules:
+ - apiGroups:
+ - ipam.metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipclaims
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /mutate-ipam-metal3-io-v1alpha1-ippool
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.ippool.ipam.metal3.io
+ rules:
+ - apiGroups:
+ - ipam.metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ippools
+ sideEffects: None
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: capm3-validating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3cluster.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3clusters
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3data.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3datas
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3dataclaim.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3dataclaims
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3datatemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3datatemplates
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3machine.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3machines
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3machinetemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3machinetemplates
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3remediation.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3remediations
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capm3-webhook-service
+ namespace: capm3-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.metal3remediationtemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - metal3remediationtemplates
+ sideEffects: None
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-metal3
+ name: ipam-validating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /validate-ipam-metal3-io-v1alpha1-ipaddress
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ipaddress.ipam.metal3.io
+ rules:
+ - apiGroups:
+ - ipam.metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipaddresses
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /validate-ipam-metal3-io-v1alpha1-ipclaim
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ipclaim.ipam.metal3.io
+ rules:
+ - apiGroups:
+ - ipam.metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipclaims
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ipam-webhook-service
+ namespace: capm3-system
+ path: /validate-ipam-metal3-io-v1alpha1-ippool
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ippool.ipam.metal3.io
+ rules:
+ - apiGroups:
+ - ipam.metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ippools
+ sideEffects: None
+ metadata: |
+ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+ kind: Metadata
+ releaseSeries:
+ - major: 1
+ minor: 7
+ contract: v1beta1
+ - major: 1
+ minor: 6
+ contract: v1beta1
+ - major: 1
+ minor: 5
+ contract: v1beta1
+ - major: 1
+ minor: 4
+ contract: v1beta1
+ - major: 1
+ minor: 3
+ contract: v1beta1
+ - major: 1
+ minor: 2
+ contract: v1beta1
+ - major: 1
+ minor: 1
+ contract: v1beta1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: v1.7.1
+ namespace: capm3-system
+ labels:
+ provider-components: metal3
diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
new file mode 100644
index 0000000..7a42035
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
@@ -0,0 +1,2751 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ control-plane: controller-manager
+ name: rke2-bootstrap-system
+---
+apiVersion: v1
+data:
+ components: |
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ control-plane: controller-manager
+ name: rke2-bootstrap-system
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
+ name: rke2configs.bootstrap.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: bootstrap.cluster.x-k8s.io
+ names:
+ kind: RKE2Config
+ listKind: RKE2ConfigList
+ plural: rke2configs
+ singular: rke2config
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RKE2Config is the Schema for the rke2configs API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RKE2ConfigSpec defines the desired state of RKE2Config.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ Deprecated: Data is reserved for the arbitrary cloud-init data
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2 for a
+ certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded containerd
+ and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the bootstrap
+ data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet with
+ set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that CAPI
+ will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap containing
+ resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime binaries
+ (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd snapshotter
+ (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to be used
+ for all system images.
+ type: string
+ version:
+ description: Version specifies the rke2 version.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to run after
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run before
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd configuration
+ for private registries and local registry mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used to communicate
+ with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth si a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to false
+ to skip verifying the registry's certificate, default
+ is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the registry
+ mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for all namespaces.
+ type: object
+ type: object
+ type: object
+ status:
+ description: RKE2ConfigStatus defines the observed state of RKE2Config.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the RKE2Config.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors.
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: RKE2Config is the Schema for the rke2configs API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RKE2ConfigSpec defines the desired state of RKE2Config.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ airGappedChecksum:
+ description: |-
+ AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
+ of existing sha256sum-.txt file for packages already available on the machine
+ before performing air-gapped installation.
+ type: string
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2 for a
+ certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded containerd
+ and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the bootstrap
+ data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet with
+ set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that CAPI
+ will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap containing
+ resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime binaries
+ (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd snapshotter
+ (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to be used
+ for all system images.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to run after
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run before
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd configuration
+ for private registries and local registry mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used to communicate
+ with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth is a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to false
+ to skip verifying the registry's certificate, default
+ is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the registry
+ mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for all namespaces.
+ type: object
+ type: object
+ type: object
+ status:
+ description: RKE2ConfigStatus defines the observed state of RKE2Config.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the RKE2Config.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors.
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
+ name: rke2configtemplates.bootstrap.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ group: bootstrap.cluster.x-k8s.io
+ names:
+ kind: RKE2ConfigTemplate
+ listKind: RKE2ConfigTemplateList
+ plural: rke2configtemplates
+ singular: rke2configtemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec details the RKE2ConfigTemplate specification.
+ properties:
+ template:
+ description: "Template references a RKE2ConfigTemplate, which is used
+ to include an RKE2ConfigSpec struct.\n\tThis is used to include
+ a desired RKE2ConfigSpec configuration when an RKE2Config resource
+ is generated by a MachineDeployment resource."
+ properties:
+ spec:
+ description: Spec is the RKE2ConfigSpec that should be used for
+ the template.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent
+ nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ Deprecated: Data is reserved for the arbitrary cloud-init data
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2
+ for a certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded
+ containerd and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the
+ bootstrap data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy
+ process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet
+ with set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that
+ CAPI will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of
+ taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap
+ containing resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime
+ binaries (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd
+ snapshotter (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to
+ be used for all system images.
+ type: string
+ version:
+ description: Version specifies the rke2 version.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret
+ that should populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to
+ run after rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run
+ before rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd
+ configuration for private registries and local registry
+ mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used
+ to communicate with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth si a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to
+ false to skip verifying the registry's certificate,
+ default is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the
+ registry mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for
+ all namespaces.
+ type: object
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec details the RKE2ConfigTemplate specification.
+ properties:
+ template:
+ description: "Template references a RKE2ConfigTemplate, which is used
+ to include an RKE2ConfigSpec struct.\n\tThis is used to include
+ a desired RKE2ConfigSpec configuration when an RKE2Config resource
+ is generated by a MachineDeployment resource."
+ properties:
+ spec:
+ description: Spec is the RKE2ConfigSpec that should be used for
+ the template.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent
+ nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ airGappedChecksum:
+ description: |-
+ AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
+ of existing sha256sum-.txt file for packages already available on the machine
+ before performing air-gapped installation.
+ type: string
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2
+ for a certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded
+ containerd and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the
+ bootstrap data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy
+ process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet
+ with set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that
+ CAPI will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of
+ taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap
+ containing resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime
+ binaries (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd
+ snapshotter (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to
+ be used for all system images.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret
+ that should populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to
+ run after rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run
+ before rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd
+ configuration for private registries and local registry
+ mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used
+ to communicate with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth is a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to
+ false to skip verifying the registry's certificate,
+ default is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the
+ registry mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for
+ all namespaces.
+ type: object
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-manager
+ namespace: rke2-bootstrap-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-leader-election-role
+ namespace: rke2-bootstrap-system
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-manager-role
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - rke2configs
+ - rke2configs/finalizers
+ - rke2configs/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machinepools
+ - machinepools/status
+ - machines
+ - machines/status
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ resources:
+ - rke2controlplanes
+ - rke2controlplanes/status
+ verbs:
+ - get
+ - list
+ - watch
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-leader-election-rolebinding
+ namespace: rke2-bootstrap-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rke2-bootstrap-leader-election-role
+ subjects:
+ - kind: ServiceAccount
+ name: rke2-bootstrap-manager
+ namespace: rke2-bootstrap-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-manager-rolebinding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rke2-bootstrap-manager-role
+ subjects:
+ - kind: ServiceAccount
+ name: rke2-bootstrap-manager
+ namespace: rke2-bootstrap-system
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ control-plane: controller-manager
+ name: rke2-bootstrap-controller-manager
+ namespace: rke2-bootstrap-system
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
+ - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
+ command:
+ - /manager
+ image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: rke2-bootstrap-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: rke2-bootstrap-webhook-service-cert
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-serving-cert
+ namespace: rke2-bootstrap-system
+ spec:
+ dnsNames:
+ - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc
+ - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: rke2-bootstrap-selfsigned-issuer
+ secretName: rke2-bootstrap-webhook-service-cert
+ subject:
+ organizations:
+ - Rancher by SUSE
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Issuer
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-selfsigned-issuer
+ namespace: rke2-bootstrap-system
+ spec:
+ selfSigned: {}
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-mutating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
+ failurePolicy: Fail
+ name: mrke2config.kb.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2configs
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate
+ failurePolicy: Fail
+ name: mrke2configtemplate.kb.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2configtemplates
+ sideEffects: None
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-rke2
+ name: rke2-bootstrap-validating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
+ failurePolicy: Fail
+ name: vrke2config.kb.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2configs
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-bootstrap-webhook-service
+ namespace: rke2-bootstrap-system
+ path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate
+ failurePolicy: Fail
+ name: vrke2configtemplate.kb.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2configtemplates
+ sideEffects: None
+ metadata: |
+ # maps release series of major.minor to cluster-api contract version
+ # the contract version may change between minor or major versions, but *not*
+ # between patch versions.
+ #
+ # update this file only when a new major or minor version is released
+ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+ kind: Metadata
+ releaseSeries:
+ - major: 0
+ minor: 1
+ contract: v1beta1
+ - major: 0
+ minor: 2
+ contract: v1beta1
+ - major: 0
+ minor: 3
+ contract: v1beta1
+ - major: 0
+ minor: 4
+ contract: v1beta1
+ - major: 0
+ minor: 5
+ contract: v1beta1
+ - major: 0
+ minor: 6
+ contract: v1beta1
+ - major: 0
+ minor: 7
+ contract: v1beta1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: v0.7.1
+ namespace: rke2-bootstrap-system
+ labels:
+ provider-components: rke2-bootstrap
diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
new file mode 100644
index 0000000..e16397e
--- /dev/null
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
@@ -0,0 +1,4508 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ control-plane: controller-manager
+ name: rke2-control-plane-system
+---
+apiVersion: v1
+data:
+ components: |
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ control-plane: controller-manager
+ name: rke2-control-plane-system
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
+ name: rke2controlplanes.controlplane.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: controlplane.cluster.x-k8s.io
+ names:
+ kind: RKE2ControlPlane
+ listKind: RKE2ControlPlaneList
+ plural: rke2controlplanes
+ singular: rke2controlplane
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RKE2ControlPlane is the Schema for the rke2controlplanes API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ Deprecated: Data is reserved for the arbitrary cloud-init data
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2 for a
+ certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded containerd
+ and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the bootstrap
+ data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet with
+ set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that CAPI
+ will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap containing
+ resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime binaries
+ (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd snapshotter
+ (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to be used
+ for all system images.
+ type: string
+ version:
+ description: Version specifies the rke2 version.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ infrastructureRef:
+ description: |-
+ InfrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ manifestsConfigMapReference:
+ description: |-
+ ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
+ Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to run after
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run before
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd configuration
+ for private registries and local registry mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used to communicate
+ with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth si a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to false
+ to skip verifying the registry's certificate, default
+ is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the registry
+ mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for all namespaces.
+ type: object
+ type: object
+ registrationAddress:
+ description: |-
+ RegistrationAddress is an explicit address to use when registering a node. This is required if
+ the registration type is "address". Its for scenarios where a load-balancer or VIP is used.
+ type: string
+ registrationMethod:
+ default: internal-first
+ description: RegistrationMethod is the method to use for registering
+ nodes into the RKE2 cluster.
+ enum:
+ - internal-first
+ - internal-only-ips
+ - external-only-ips
+ - address
+ type: string
+ replicas:
+ description: Replicas is the number of replicas for the Control Plane.
+ format: int32
+ type: integer
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: The RolloutStrategy to use to replace control plane machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if RolloutStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ Type of rollout. Currently the only supported strategy is "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ serverConfig:
+ description: ServerConfig specifies configuration for the agent nodes.
+ properties:
+ advertiseAddress:
+ description: 'AdvertiseAddress IP address that apiserver uses
+ to advertise to members of the cluster (default: node-external-ip/node-ip).'
+ type: string
+ auditPolicySecret:
+ description: AuditPolicySecret path to the file that defines the
+ audit policy configuration.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ bindAddress:
+ description: 'BindAddress describes the rke2 bind address (default:
+ 0.0.0.0).'
+ type: string
+ cloudControllerManager:
+ description: CloudControllerManager defines optional custom configuration
+ of the Cloud Controller Manager.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ cloudProviderConfigMap:
+ description: |-
+ CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
+ The config map must contain a key named cloud-config.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ cloudProviderName:
+ description: CloudProviderName cloud provider name.
+ type: string
+ clusterDNS:
+ description: 'ClusterDNS is the cluster IP for CoreDNS service.
+ Should be in your service-cidr range (default: 10.43.0.10).'
+ type: string
+ clusterDomain:
+ description: 'ClusterDomain is the cluster domain name (default:
+ "cluster.local").'
+ type: string
+ cni:
+ description: |-
+ CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
+ optionally with multus as the first value to enable the multus meta-plugin (default: canal).
+ enum:
+ - none
+ - calico
+ - canal
+ - cilium
+ type: string
+ cniMultusEnable:
+ description: |-
+ CNIMultusEnable enables multus as the first CNI plugin (default: false).
+ This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
+ type: boolean
+ disableComponents:
+ description: DisableComponents lists Kubernetes components and
+ RKE2 plugin components that will be disabled.
+ properties:
+ kubernetesComponents:
+ description: KubernetesComponents is a list of Kubernetes
+ components to disable.
+ items:
+ description: 'DisabledKubernetesComponent is an enum field
+ that can take one of the following values: scheduler,
+ kubeProxy or cloudController.'
+ enum:
+ - scheduler
+ - kubeProxy
+ - cloudController
+ type: string
+ type: array
+ pluginComponents:
+ description: PluginComponents is a list of PluginComponents
+ to disable.
+ items:
+ description: DisabledPluginComponent selects a plugin Components
+ to be disabled.
+ enum:
+ - rke2-coredns
+ - rke2-ingress-nginx
+ - rke2-metrics-server
+ type: string
+ type: array
+ type: object
+ etcd:
+ description: Etcd defines optional custom configuration of ETCD.
+ properties:
+ backupConfig:
+ description: 'BackupConfig defines how RKE2 will snapshot
+ ETCD: target storage, schedule, etc.'
+ properties:
+ directory:
+ description: Directory to save db snapshots.
+ type: string
+ disableAutomaticSnapshots:
+ description: |-
+ DisableAutomaticSnapshots defines the policy for ETCD snapshots.
+ true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
+ type: boolean
+ retention:
+ description: 'Retention Number of snapshots to retain
+ Default: 5 (default: 5).'
+ type: string
+ s3:
+ description: S3 Enable backup to an S3-compatible Object
+ Store.
+ properties:
+ bucket:
+ description: Bucket S3 bucket name.
+ type: string
+ endpoint:
+ description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").'
+ type: string
+ endpointCAsecret:
+ description: |-
+ EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
+ The secret must contain a key named "ca.pem" that contains the CA certificate.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ enforceSslVerify:
+ description: EnforceSSLVerify may be set to false
+ to skip verifying the registry's certificate, default
+ is true.
+ type: boolean
+ folder:
+ description: Folder S3 folder.
+ type: string
+ region:
+ description: 'Region S3 region / bucket location (optional)
+ (default: "us-east-1").'
+ type: string
+ s3CredentialSecret:
+ description: |-
+ S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
+ The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - endpoint
+ - s3CredentialSecret
+ type: object
+ scheduleCron:
+ description: 'ScheduleCron Snapshot interval time in cron
+ spec. eg. every 5 hours ''* */5 * * *'' (default: "0
+ */12 * * *").'
+ type: string
+ snapshotName:
+ description: 'SnapshotName Set the base name of etcd snapshots.
+ Default: etcd-snapshot- (default: "etcd-snapshot").'
+ type: string
+ type: object
+ customConfig:
+ description: CustomConfig defines the custom settings for
+ ETCD.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component
+ command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to
+ be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for the
+ Kubernetes Component
+ type: string
+ type: object
+ exposeMetrics:
+ description: |-
+ ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
+ if value is true, ETCD metrics will be exposed
+ if value is false, ETCD metrics will NOT be exposed
+ type: boolean
+ type: object
+ kubeAPIServer:
+ description: KubeAPIServer defines optional custom configuration
+ of the Kube API Server.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeControllerManager:
+ description: KubeControllerManager defines optional custom configuration
+ of the Kube Controller Manager.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeScheduler:
+ description: KubeScheduler defines optional custom configuration
+ of the Kube Scheduler.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ pauseImage:
+ description: PauseImage Override image to use for pause.
+ type: string
+ serviceNodePortRange:
+ description: 'ServiceNodePortRange is the port range to reserve
+ for services with NodePort visibility (default: "30000-32767").'
+ type: string
+ tlsSan:
+ description: TLSSan Add additional hostname or IP as a Subject
+ Alternative Name in the TLS cert.
+ items:
+ type: string
+ type: array
+ type: object
+ required:
+ - infrastructureRef
+ type: object
+ status:
+ description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane.
+ properties:
+ availableServerIPs:
+ description: AvailableServerIPs is a list of the Control Plane IP
+ adds that can be used to register further nodes.
+ items:
+ type: string
+ type: array
+ conditions:
+ description: Conditions defines current service state of the RKE2Config.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors.
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors.
+ type: string
+ initialized:
+ description: Initialized indicates the target cluster has completed
+ initialization.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed.
+ type: boolean
+ readyReplicas:
+ description: ReadyReplicas is the number of replicas current attached
+ to this ControlPlane Resource and that have Ready Status.
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the number of replicas current attached to
+ this ControlPlane Resource.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: UnavailableReplicas is the number of replicas current
+ attached to this ControlPlane Resource and that are up-to-date with
+ Control Plane config.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: UpdatedReplicas is the number of replicas current attached
+ to this ControlPlane Resource and that are up-to-date with Control
+ Plane config.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: RKE2ControlPlane is the Schema for the rke2controlplanes API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ airGappedChecksum:
+ description: |-
+ AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
+ of existing sha256sum-.txt file for packages already available on the machine
+ before performing air-gapped installation.
+ type: string
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2 for a
+ certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded containerd
+ and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the bootstrap
+ data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet with
+ set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that CAPI
+ will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap containing
+ resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime binaries
+ (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd snapshotter
+ (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to be used
+ for all system images.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ infrastructureRef:
+ description: |-
+ InfrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ machineTemplate:
+ description: |-
+ MachineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: |-
+ InfrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDrainTimeout:
+ description: |-
+ NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ manifestsConfigMapReference:
+ description: |-
+ ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
+ Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to run after
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run before
+ rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd configuration
+ for private registries and local registry mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used to communicate
+ with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth is a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to false
+ to skip verifying the registry's certificate, default
+ is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the registry
+ mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for all namespaces.
+ type: object
+ type: object
+ registrationAddress:
+ description: |-
+ RegistrationAddress is an explicit address to use when registering a node. This is required if
+ the registration type is "address". Its for scenarios where a load-balancer or VIP is used.
+ type: string
+ registrationMethod:
+ description: RegistrationMethod is the method to use for registering
+ nodes into the RKE2 cluster.
+ enum:
+ - internal-first
+ - internal-only-ips
+ - external-only-ips
+ - address
+ - control-plane-endpoint
+ - ""
+ type: string
+ replicas:
+ description: Replicas is the number of replicas for the Control Plane.
+ format: int32
+ type: integer
+ rolloutStrategy:
+ description: The RolloutStrategy to use to replace control plane machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if RolloutStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ Type of rollout. Currently the only supported strategy is "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ serverConfig:
+ description: ServerConfig specifies configuration for the agent nodes.
+ properties:
+ advertiseAddress:
+ description: 'AdvertiseAddress IP address that apiserver uses
+ to advertise to members of the cluster (default: node-external-ip/node-ip).'
+ type: string
+ auditPolicySecret:
+ description: AuditPolicySecret path to the file that defines the
+ audit policy configuration.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ bindAddress:
+ description: 'BindAddress describes the rke2 bind address (default:
+ 0.0.0.0).'
+ type: string
+ cloudControllerManager:
+ description: CloudControllerManager defines optional custom configuration
+ of the Cloud Controller Manager.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ cloudProviderConfigMap:
+ description: |-
+ CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
+ The config map must contain a key named cloud-config.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ cloudProviderName:
+ description: CloudProviderName cloud provider name.
+ type: string
+ clusterDNS:
+ description: 'ClusterDNS is the cluster IP for CoreDNS service.
+ Should be in your service-cidr range (default: 10.43.0.10).'
+ type: string
+ clusterDomain:
+ description: 'ClusterDomain is the cluster domain name (default:
+ "cluster.local").'
+ type: string
+ cni:
+ description: |-
+ CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
+ optionally with multus as the first value to enable the multus meta-plugin (default: canal).
+ enum:
+ - none
+ - calico
+ - canal
+ - cilium
+ type: string
+ cniMultusEnable:
+ description: |-
+ CNIMultusEnable enables multus as the first CNI plugin (default: false).
+ This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
+ type: boolean
+ disableComponents:
+ description: DisableComponents lists Kubernetes components and
+ RKE2 plugin components that will be disabled.
+ properties:
+ kubernetesComponents:
+ description: KubernetesComponents is a list of Kubernetes
+ components to disable.
+ items:
+ description: 'DisabledKubernetesComponent is an enum field
+ that can take one of the following values: scheduler,
+ kubeProxy or cloudController.'
+ enum:
+ - scheduler
+ - kubeProxy
+ - cloudController
+ type: string
+ type: array
+ pluginComponents:
+ description: PluginComponents is a list of PluginComponents
+ to disable.
+ items:
+ description: DisabledPluginComponent selects a plugin Components
+ to be disabled.
+ enum:
+ - rke2-coredns
+ - rke2-ingress-nginx
+ - rke2-metrics-server
+ type: string
+ type: array
+ type: object
+ etcd:
+ description: Etcd defines optional custom configuration of ETCD.
+ properties:
+ backupConfig:
+ description: 'BackupConfig defines how RKE2 will snapshot
+ ETCD: target storage, schedule, etc.'
+ properties:
+ directory:
+ description: Directory to save db snapshots.
+ type: string
+ disableAutomaticSnapshots:
+ description: |-
+ DisableAutomaticSnapshots defines the policy for ETCD snapshots.
+ true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
+ type: boolean
+ retention:
+ description: 'Retention Number of snapshots to retain
+ Default: 5 (default: 5).'
+ type: string
+ s3:
+ description: S3 Enable backup to an S3-compatible Object
+ Store.
+ properties:
+ bucket:
+ description: Bucket S3 bucket name.
+ type: string
+ endpoint:
+ description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").'
+ type: string
+ endpointCAsecret:
+ description: |-
+ EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
+ The secret must contain a key named "ca.pem" that contains the CA certificate.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ enforceSslVerify:
+ description: EnforceSSLVerify may be set to false
+ to skip verifying the registry's certificate, default
+ is true.
+ type: boolean
+ folder:
+ description: Folder S3 folder.
+ type: string
+ region:
+ description: 'Region S3 region / bucket location (optional)
+ (default: "us-east-1").'
+ type: string
+ s3CredentialSecret:
+ description: |-
+ S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
+ The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - endpoint
+ - s3CredentialSecret
+ type: object
+ scheduleCron:
+ description: 'ScheduleCron Snapshot interval time in cron
+ spec. eg. every 5 hours ''* */5 * * *'' (default: "0
+ */12 * * *").'
+ type: string
+ snapshotName:
+ description: 'SnapshotName Set the base name of etcd snapshots.
+ Default: etcd-snapshot- (default: "etcd-snapshot").'
+ type: string
+ type: object
+ customConfig:
+ description: CustomConfig defines the custom settings for
+ ETCD.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component
+ command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to
+ be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for the
+ Kubernetes Component
+ type: string
+ type: object
+ exposeMetrics:
+ description: |-
+ ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
+ if value is true, ETCD metrics will be exposed
+ if value is false, ETCD metrics will NOT be exposed
+ type: boolean
+ type: object
+ kubeAPIServer:
+ description: KubeAPIServer defines optional custom configuration
+ of the Kube API Server.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeControllerManager:
+ description: KubeControllerManager defines optional custom configuration
+ of the Kube Controller Manager.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ kubeScheduler:
+ description: KubeScheduler defines optional custom configuration
+ of the Kube Scheduler.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line arguments
+ (format: flag=value) to pass to a Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables to
+ pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts to be added
+ for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references a container
+ image to override the default one for the Kubernetes Component
+ type: string
+ type: object
+ pauseImage:
+ description: PauseImage Override image to use for pause.
+ type: string
+ serviceNodePortRange:
+ description: 'ServiceNodePortRange is the port range to reserve
+ for services with NodePort visibility (default: "30000-32767").'
+ type: string
+ tlsSan:
+ description: TLSSan Add additional hostname or IP as a Subject
+ Alternative Name in the TLS cert.
+ items:
+ type: string
+ type: array
+ type: object
+ version:
+ description: |-
+ Version defines the desired Kubernetes version.
+ This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated).
+ pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
+ type: string
+ required:
+ - infrastructureRef
+ - rolloutStrategy
+ type: object
+ status:
+ description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane.
+ properties:
+ availableServerIPs:
+ description: AvailableServerIPs is a list of the Control Plane IP
+ adds that can be used to register further nodes.
+ items:
+ type: string
+ type: array
+ conditions:
+ description: Conditions defines current service state of the RKE2Config.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors.
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors.
+ type: string
+ initialized:
+ description: Initialized indicates the target cluster has completed
+ initialization.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed.
+ type: boolean
+ readyReplicas:
+ description: ReadyReplicas is the number of replicas current attached
+ to this ControlPlane Resource and that have Ready Status.
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the number of replicas current attached to
+ this ControlPlane Resource.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: UnavailableReplicas is the number of replicas current
+ attached to this ControlPlane Resource and that are up-to-date with
+ Control Plane config.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: UpdatedReplicas is the number of replicas current attached
+ to this ControlPlane Resource and that are up-to-date with Control
+ Plane config.
+ format: int32
+ type: integer
+ version:
+ description: |-
+ Version represents the minimum Kubernetes version for the control plane machines
+ in the cluster.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
+ name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io
+ spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: controlplane.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: RKE2ControlPlaneTemplate
+ listKind: RKE2ControlPlaneTemplateList
+ plural: rke2controlplanetemplates
+ shortNames:
+ - rke2ct
+ singular: rke2controlplanetemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RKE2ControlPlaneTemplateSpec defines the desired state of
+ RKE2ControlPlaneTemplate.
+ type: object
+ status:
+ description: RKE2ControlPlaneTemplateStatus defines the observed state
+ of RKE2ControlPlaneTemplate.
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec is the control plane specification for the template
+ resource.
+ properties:
+ template:
+ description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the control plane.
+ properties:
+ agentConfig:
+ description: AgentConfig specifies configuration for the agent
+ nodes.
+ properties:
+ additionalUserData:
+ description: |-
+ AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
+ generated cloud-init/ignition script.
+ properties:
+ config:
+ description: |-
+ In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
+ type: string
+ data:
+ additionalProperties:
+ type: string
+ description: |-
+ Data allows to pass arbitrary set of key/value pairs consistent with
+ https://cloudinit.readthedocs.io/en/latest/reference/modules.html
+ to extend existing cloud-init configuration
+ type: object
+ strict:
+ description: Strict controls if Config should be strictly
+ parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ x-kubernetes-validations:
+ - message: Only config or data could be populated at once
+ rule: '!has(self.data) || !has(self.config)'
+ airGapped:
+ description: |-
+ AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
+ basically supposing that online container registries and RKE2 install scripts are not reachable.
+ type: boolean
+ airGappedChecksum:
+ description: |-
+ AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum
+ of existing sha256sum-.txt file for packages already available on the machine
+ before performing air-gapped installation.
+ type: string
+ cisProfile:
+ description: CISProfile activates CIS compliance of RKE2
+ for a certain profile
+ enum:
+ - cis
+ - cis-1.23
+ - cis-1.5
+ - cis-1.6
+ type: string
+ containerRuntimeEndpoint:
+ description: ContainerRuntimeEndpoint Disable embedded
+ containerd and use alternative CRI implementation.
+ type: string
+ dataDir:
+ description: DataDir Folder to hold state.
+ type: string
+ enableContainerdSElinux:
+ description: |-
+ EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
+ if value is true, Containerd will run with selinux-enabled=true flag
+ if value is false, Containerd will run without the above flag
+ type: boolean
+ format:
+ description: Format specifies the output format of the
+ bootstrap data. Defaults to cloud-config.
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ imageCredentialProviderConfigMap:
+ description: |-
+ ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
+ The config map should contain a key "credential-config.yaml" with YAML file content and
+ a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeProxy:
+ description: KubeProxyArgs Customized flag for kube-proxy
+ process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubelet:
+ description: KubeletArgs Customized flag for kubelet process.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubeletPath:
+ description: KubeletPath Override kubelet binary path.
+ type: string
+ loadBalancerPort:
+ description: |-
+ LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
+ not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
+ type: integer
+ nodeAnnotations:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeAnnotations are annotations that are created on nodes post bootstrap phase.
+ Unfortunately it is not possible to apply annotations via kubelet
+ using current bootstrap configurations.
+ Issue: https://github.com/kubernetes/kubernetes/issues/108046
+ type: object
+ nodeLabels:
+ description: NodeLabels Registering and starting kubelet
+ with set of labels.
+ items:
+ type: string
+ type: array
+ nodeName:
+ description: NodeNamePrefix Prefix to the Node Name that
+ CAPI will generate.
+ type: string
+ nodeTaints:
+ description: NodeTaints Registering kubelet with set of
+ taints.
+ items:
+ type: string
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ protectKernelDefaults:
+ description: |-
+ ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
+ if false, kernel tunable can be different from kubelet defaults
+ type: boolean
+ resolvConf:
+ description: ResolvConf is a reference to a ConfigMap
+ containing resolv.conf content for the node.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ runtimeImage:
+ description: RuntimeImage override image to use for runtime
+ binaries (containerd, kubectl, crictl, etc).
+ type: string
+ snapshotter:
+ description: 'Snapshotter override default containerd
+ snapshotter (default: "overlayfs").'
+ type: string
+ systemDefaultRegistry:
+ description: SystemDefaultRegistry Private registry to
+ be used for all system images.
+ type: string
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: SecretFileSource represents a secret
+ that should populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the RKE2BootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ infrastructureRef:
+ description: |-
+ InfrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ machineTemplate:
+ description: |-
+ MachineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: |-
+ InfrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDrainTimeout:
+ description: |-
+ NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ manifestsConfigMapReference:
+ description: |-
+ ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster
+ Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ postRKE2Commands:
+ description: PostRKE2Commands specifies extra commands to
+ run after rke2 setup runs.
+ items:
+ type: string
+ type: array
+ preRKE2Commands:
+ description: PreRKE2Commands specifies extra commands to run
+ before rke2 setup runs.
+ items:
+ type: string
+ type: array
+ privateRegistriesConfig:
+ description: PrivateRegistriesConfig defines the containerd
+ configuration for private registries and local registry
+ mirrors.
+ properties:
+ configs:
+ additionalProperties:
+ description: RegistryConfig contains configuration used
+ to communicate with the registry.
+ properties:
+ authSecret:
+ description: |-
+ Auth is a reference to a Secret containing information to authenticate to the registry.
+ The Secret must provite a username and a password data entry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: |-
+ TLS is a pair of CA/Cert/Key which then are used when creating the transport
+ that communicates with the registry.
+ properties:
+ insecureSkipVerify:
+ description: InsecureSkipVerify may be set to
+ false to skip verifying the registry's certificate,
+ default is true.
+ type: boolean
+ tlsConfigSecret:
+ description: |-
+ TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
+ which describe the TLS configuration necessary to connect to the registry.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ description: |-
+ Configs are configs for each registry.
+ The key is the FDQN or IP of the registry.
+ type: object
+ mirrors:
+ additionalProperties:
+ description: Mirror contains the config related to the
+ registry mirror.
+ properties:
+ endpoint:
+ description: |-
+ Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
+ one by one until a working one is found. The endpoint must be a valid url
+ with host specified.
+ The scheme, host and path from the endpoint URL will be used.
+ items:
+ type: string
+ type: array
+ rewrite:
+ additionalProperties:
+ type: string
+ description: |-
+ Rewrites are repository rewrite rules for a namespace. When fetching image resources
+ from an endpoint and a key matches the repository via regular expression matching
+ it will be replaced with the corresponding value from the map in the resource request.
+ type: object
+ type: object
+ description: Mirrors are namespace to mirror mapping for
+ all namespaces.
+ type: object
+ type: object
+ registrationAddress:
+ description: |-
+ RegistrationAddress is an explicit address to use when registering a node. This is required if
+ the registration type is "address". Its for scenarios where a load-balancer or VIP is used.
+ type: string
+ registrationMethod:
+ description: RegistrationMethod is the method to use for registering
+ nodes into the RKE2 cluster.
+ enum:
+ - internal-first
+ - internal-only-ips
+ - external-only-ips
+ - address
+ - control-plane-endpoint
+ - ""
+ type: string
+ replicas:
+ description: Replicas is the number of replicas for the Control
+ Plane.
+ format: int32
+ type: integer
+ rolloutStrategy:
+ description: The RolloutStrategy to use to replace control
+ plane machines with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only
+ if RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ Type of rollout. Currently the only supported strategy is "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ serverConfig:
+ description: ServerConfig specifies configuration for the
+ agent nodes.
+ properties:
+ advertiseAddress:
+ description: 'AdvertiseAddress IP address that apiserver
+ uses to advertise to members of the cluster (default:
+ node-external-ip/node-ip).'
+ type: string
+ auditPolicySecret:
+ description: AuditPolicySecret path to the file that defines
+ the audit policy configuration.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ bindAddress:
+ description: 'BindAddress describes the rke2 bind address
+ (default: 0.0.0.0).'
+ type: string
+ cloudControllerManager:
+ description: CloudControllerManager defines optional custom
+ configuration of the Cloud Controller Manager.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ cloudProviderConfigMap:
+ description: |-
+ CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration.
+ The config map must contain a key named cloud-config.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ cloudProviderName:
+ description: CloudProviderName cloud provider name.
+ type: string
+ clusterDNS:
+ description: 'ClusterDNS is the cluster IP for CoreDNS
+ service. Should be in your service-cidr range (default:
+ 10.43.0.10).'
+ type: string
+ clusterDomain:
+ description: 'ClusterDomain is the cluster domain name
+ (default: "cluster.local").'
+ type: string
+ cni:
+ description: |-
+ CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium;
+ optionally with multus as the first value to enable the multus meta-plugin (default: canal).
+ enum:
+ - none
+ - calico
+ - canal
+ - cilium
+ type: string
+ cniMultusEnable:
+ description: |-
+ CNIMultusEnable enables multus as the first CNI plugin (default: false).
+ This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
+ type: boolean
+ disableComponents:
+ description: DisableComponents lists Kubernetes components
+ and RKE2 plugin components that will be disabled.
+ properties:
+ kubernetesComponents:
+ description: KubernetesComponents is a list of Kubernetes
+ components to disable.
+ items:
+ description: 'DisabledKubernetesComponent is an
+ enum field that can take one of the following
+ values: scheduler, kubeProxy or cloudController.'
+ enum:
+ - scheduler
+ - kubeProxy
+ - cloudController
+ type: string
+ type: array
+ pluginComponents:
+ description: PluginComponents is a list of PluginComponents
+ to disable.
+ items:
+ description: DisabledPluginComponent selects a plugin
+ Components to be disabled.
+ enum:
+ - rke2-coredns
+ - rke2-ingress-nginx
+ - rke2-metrics-server
+ type: string
+ type: array
+ type: object
+ etcd:
+ description: Etcd defines optional custom configuration
+ of ETCD.
+ properties:
+ backupConfig:
+ description: 'BackupConfig defines how RKE2 will snapshot
+ ETCD: target storage, schedule, etc.'
+ properties:
+ directory:
+ description: Directory to save db snapshots.
+ type: string
+ disableAutomaticSnapshots:
+ description: |-
+ DisableAutomaticSnapshots defines the policy for ETCD snapshots.
+ true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled.
+ type: boolean
+ retention:
+ description: 'Retention Number of snapshots to
+ retain Default: 5 (default: 5).'
+ type: string
+ s3:
+ description: S3 Enable backup to an S3-compatible
+ Object Store.
+ properties:
+ bucket:
+ description: Bucket S3 bucket name.
+ type: string
+ endpoint:
+ description: 'Endpoint S3 endpoint url (default:
+ "s3.amazonaws.com").'
+ type: string
+ endpointCAsecret:
+ description: |-
+ EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint.
+ The secret must contain a key named "ca.pem" that contains the CA certificate.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ enforceSslVerify:
+ description: EnforceSSLVerify may be set to
+ false to skip verifying the registry's certificate,
+ default is true.
+ type: boolean
+ folder:
+ description: Folder S3 folder.
+ type: string
+ region:
+ description: 'Region S3 region / bucket location
+ (optional) (default: "us-east-1").'
+ type: string
+ s3CredentialSecret:
+ description: |-
+ S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
+ The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ TODO: this design is not final and this field is subject to change in the future.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - endpoint
+ - s3CredentialSecret
+ type: object
+ scheduleCron:
+ description: 'ScheduleCron Snapshot interval time
+ in cron spec. eg. every 5 hours ''* */5 * *
+ *'' (default: "0 */12 * * *").'
+ type: string
+ snapshotName:
+ description: 'SnapshotName Set the base name of
+ etcd snapshots. Default: etcd-snapshot-
+ (default: "etcd-snapshot").'
+ type: string
+ type: object
+ customConfig:
+ description: CustomConfig defines the custom settings
+ for ETCD.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a
+ Kubernetes Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment
+ variables to pass on to a Kubernetes Component
+ command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one
+ for the Kubernetes Component
+ type: string
+ type: object
+ exposeMetrics:
+ description: |-
+ ExposeEtcdMetrics defines the policy for ETCD Metrics exposure.
+ if value is true, ETCD metrics will be exposed
+ if value is false, ETCD metrics will NOT be exposed
+ type: boolean
+ type: object
+ kubeAPIServer:
+ description: KubeAPIServer defines optional custom configuration
+ of the Kube API Server.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubeControllerManager:
+ description: KubeControllerManager defines optional custom
+ configuration of the Kube Controller Manager.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ kubeScheduler:
+ description: KubeScheduler defines optional custom configuration
+ of the Kube Scheduler.
+ properties:
+ extraArgs:
+ description: 'ExtraArgs is a list of command line
+ arguments (format: flag=value) to pass to a Kubernetes
+ Component command.'
+ items:
+ type: string
+ type: array
+ extraEnv:
+ additionalProperties:
+ type: string
+ description: ExtraEnv is a map of environment variables
+ to pass on to a Kubernetes Component command.
+ type: object
+ extraMounts:
+ additionalProperties:
+ type: string
+ description: ExtraMounts is a map of volume mounts
+ to be added for the Kubernetes component StaticPod
+ type: object
+ overrideImage:
+ description: OverrideImage is a string that references
+ a container image to override the default one for
+ the Kubernetes Component
+ type: string
+ type: object
+ pauseImage:
+ description: PauseImage Override image to use for pause.
+ type: string
+ serviceNodePortRange:
+ description: 'ServiceNodePortRange is the port range to
+ reserve for services with NodePort visibility (default:
+ "30000-32767").'
+ type: string
+ tlsSan:
+ description: TLSSan Add additional hostname or IP as a
+ Subject Alternative Name in the TLS cert.
+ items:
+ type: string
+ type: array
+ type: object
+ version:
+ description: |-
+ Version defines the desired Kubernetes version.
+ This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated).
+ pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
+ type: string
+ required:
+ - infrastructureRef
+ - rolloutStrategy
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ status:
+ description: Status is the current state of the control plane.
+ properties:
+ availableServerIPs:
+ description: AvailableServerIPs is a list of the Control Plane IP
+ adds that can be used to register further nodes.
+ items:
+ type: string
+ type: array
+ conditions:
+ description: Conditions defines current service state of the RKE2Config.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors.
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors.
+ type: string
+ initialized:
+ description: Initialized indicates the target cluster has completed
+ initialization.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed.
+ type: boolean
+ readyReplicas:
+ description: ReadyReplicas is the number of replicas current attached
+ to this ControlPlane Resource and that have Ready Status.
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the number of replicas current attached to
+ this ControlPlane Resource.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: UnavailableReplicas is the number of replicas current
+ attached to this ControlPlane Resource and that are up-to-date with
+ Control Plane config.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: UpdatedReplicas is the number of replicas current attached
+ to this ControlPlane Resource and that are up-to-date with Control
+ Plane config.
+ format: int32
+ type: integer
+ version:
+ description: |-
+ Version represents the minimum Kubernetes version for the control plane machines
+ in the cluster.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-manager
+ namespace: rke2-control-plane-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-leader-election-role
+ namespace: rke2-control-plane-system
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ ---
+ aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-aggregated-manager-role
+ rules: []
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+ name: rke2-control-plane-manager-role
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - rke2configs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machinepools
+ - machinepools/status
+ - machines
+ - machines/status
+ - machinesets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ resources:
+ - rke2controlplanes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ resources:
+ - rke2controlplanes/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ resources:
+ - rke2controlplanes/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-leader-election-rolebinding
+ namespace: rke2-control-plane-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rke2-control-plane-leader-election-role
+ subjects:
+ - kind: ServiceAccount
+ name: rke2-control-plane-manager
+ namespace: rke2-control-plane-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-manager-rolebinding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rke2-control-plane-aggregated-manager-role
+ subjects:
+ - kind: ServiceAccount
+ name: rke2-control-plane-manager
+ namespace: rke2-control-plane-system
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ control-plane: controller-manager
+ name: rke2-control-plane-controller-manager
+ namespace: rke2-control-plane-system
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
+ - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: rke2-control-plane-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: rke2-control-plane-webhook-service-cert
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-serving-cert
+ namespace: rke2-control-plane-system
+ spec:
+ dnsNames:
+ - rke2-control-plane-webhook-service.rke2-control-plane-system.svc
+ - rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: rke2-control-plane-selfsigned-issuer
+ secretName: rke2-control-plane-webhook-service-cert
+ subject:
+ organizations:
+ - Rancher by SUSE
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Issuer
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-selfsigned-issuer
+ namespace: rke2-control-plane-system
+ spec:
+ selfSigned: {}
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-mutating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane
+ failurePolicy: Fail
+ name: mrke2controlplane.kb.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2controlplanes
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate
+ failurePolicy: Fail
+ name: mrke2controlplanetemplate.kb.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2controlplanetemplates
+ sideEffects: None
+ ---
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: control-plane-rke2
+ name: rke2-control-plane-validating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane
+ failurePolicy: Fail
+ name: vrke2controlplane.kb.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2controlplanes
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rke2-control-plane-webhook-service
+ namespace: rke2-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate
+ failurePolicy: Fail
+ name: vrke2controlplanetemplate.kb.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2controlplanetemplates
+ sideEffects: None
+ metadata: |
+ # maps release series of major.minor to cluster-api contract version
+ # the contract version may change between minor or major versions, but *not*
+ # between patch versions.
+ #
+ # update this file only when a new major or minor version is released
+ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+ kind: Metadata
+ releaseSeries:
+ - major: 0
+ minor: 1
+ contract: v1beta1
+ - major: 0
+ minor: 2
+ contract: v1beta1
+ - major: 0
+ minor: 3
+ contract: v1beta1
+ - major: 0
+ minor: 4
+ contract: v1beta1
+ - major: 0
+ minor: 5
+ contract: v1beta1
+ - major: 0
+ minor: 6
+ contract: v1beta1
+ - major: 0
+ minor: 7
+ contract: v1beta1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: v0.7.1
+ namespace: rke2-control-plane-system
+ labels:
+ provider-components: rke2-control-plane
diff --git a/rancher-turtles-chart/Chart.lock b/rancher-turtles-chart/Chart.lock
new file mode 100644
index 0000000..4560e46
--- /dev/null
+++ b/rancher-turtles-chart/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster-api-operator
+ repository: https://kubernetes-sigs.github.io/cluster-api-operator
+ version: 0.12.0
+digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526
+generated: "2024-08-22T14:23:18.589443298Z"
diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml
new file mode 100644
index 0000000..84cfa37
--- /dev/null
+++ b/rancher-turtles-chart/Chart.yaml
@@ -0,0 +1,32 @@
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3-%RELEASE%
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: rancher-turtles-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.9.0-1'
+ catalog.cattle.io/release-name: rancher-turtles
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+apiVersion: v2
+appVersion: 0.11.0
+dependencies:
+- condition: cluster-api-operator.enabled
+ name: cluster-api-operator
+ repository: file://./charts/cluster-api-operator
+ version: 0.12.0
+description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+ integration to Rancher.
+home: https://github.com/rancher/turtles/
+icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
+keywords:
+- rancher
+- cluster-api
+- capi
+- provisioning
+name: rancher-turtles
+type: application
+version: 0.3.3+up0.11.0
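Review bot: The `cluster-api-operator` dependency is declared here with `repository: file://./charts/cluster-api-operator`, while the Chart.lock added in the same commit records `repository: https://kubernetes-sigs.github.io/cluster-api-operator` for the same 0.12.0 entry. Helm derives the lock digest from the dependency list, so `helm dependency build` will likely report the lock as out of sync. Regenerate the lock against this Chart.yaml with `helm dependency update`, or keep the upstream URL in both files. That digest covers only the dependency declaration, not the subchart's contents, so the copy under `charts/` has no integrity pin in this chart. If provenance matters for the airgap build, verify the bundled subchart against the upstream 0.12.0 release separately.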
diff --git a/rancher-turtles-chart/README.md b/rancher-turtles-chart/README.md
new file mode 100644
index 0000000..74c4009
--- /dev/null
+++ b/rancher-turtles-chart/README.md
@@ -0,0 +1,5 @@
+# Rancher Turtles Chart
+
+This chart installs the Rancher Turtles operator and optionally the Cluster API Operator using Helm.
+
+Checkout the [documentation](https://turtles.docs.rancher.com) for further information.
diff --git a/rancher-turtles-chart/RELEASE_NOTES.md b/rancher-turtles-chart/RELEASE_NOTES.md
new file mode 100644
index 0000000..1f3b1d3
--- /dev/null
+++ b/rancher-turtles-chart/RELEASE_NOTES.md
@@ -0,0 +1,6 @@
+## Changes since test/v0.11.0
+---
+## :chart_with_upwards_trend: Overview
+
+
+_Thanks to all our contributors!_ 😊
diff --git a/rancher-turtles-chart/_service b/rancher-turtles-chart/_service
new file mode 100644
index 0000000..c3f6878
--- /dev/null
+++ b/rancher-turtles-chart/_service
@@ -0,0 +1,15 @@
+
+
+
+ values.yaml
+ IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)
+ IMG_PREFIX
+ IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)
+ IMG_REPO
+
+
+ Chart.yaml
+ IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %img_prefix)
+ IMG_PREFIX
+
+
diff --git a/rancher-turtles-chart/app-readme.md b/rancher-turtles-chart/app-readme.md
new file mode 100644
index 0000000..4b4b09b
--- /dev/null
+++ b/rancher-turtles-chart/app-readme.md
@@ -0,0 +1,5 @@
+# Rancher Turtles - The Cluster API Extension for Rancher
+
+Rancher Turtles brings enhanced integration of Cluster API with Rancher.
+
+For more information, including a getting started guide, see the [official documentation](https://turtles.docs.rancher.com).
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/.helmignore b/rancher-turtles-chart/charts/cluster-api-operator/.helmignore
new file mode 100644
index 0000000..1b9a9cc
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
new file mode 100644
index 0000000..ef94c5b
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.12.0
+description: Cluster API Operator
+name: cluster-api-operator
+type: application
+version: 0.12.0
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl b/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl
new file mode 100644
index 0000000..471367b
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl
@@ -0,0 +1,24 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "capi-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "capi-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
new file mode 100644
index 0000000..1cab4b4
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
@@ -0,0 +1,56 @@
+# Addon provider
+{{- if .Values.addon }}
+{{- $addons := split ";" .Values.addon }}
+{{- $addonNamespace := "" }}
+{{- $addonName := "" }}
+{{- $addonVersion := "" }}
+{{- range $addon := $addons }}
+{{- $addonArgs := split ":" $addon }}
+{{- $addonArgsLen := len $addonArgs }}
+{{- if eq $addonArgsLen 3 }}
+ {{- $addonNamespace = $addonArgs._0 }}
+ {{- $addonName = $addonArgs._1 }}
+ {{- $addonVersion = $addonArgs._2 }}
+{{- else if eq $addonArgsLen 2 }}
+ {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
+ {{- $addonName = $addonArgs._0 }}
+ {{- $addonVersion = $addonArgs._1 }}
+{{- else if eq $addonArgsLen 1 }}
+ {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
+ {{- $addonName = $addonArgs._0 }}
+{{- else }}
+ {{- fail "addon provider argument should have the following format helm:v1.0.0 or mynamespace:helm:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: {{ $addonNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: AddonProvider
+metadata:
+ name: {{ $addonName }}
+ namespace: {{ $addonNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $addonVersion $.Values.secretName }}
+spec:
+{{- end}}
+{{- if $addonVersion }}
+ version: {{ $addonVersion }}
+{{- end }}
+{{- if $.Values.secretName }}
+ secretName: {{ $.Values.secretName }}
+{{- end }}
+{{- if $.Values.secretNamespace }}
+ secretNamespace: {{ $.Values.secretNamespace }}
+{{- end }}
+{{- end }}
+{{- end }}
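Review bot: `$addonVersion` is declared once before the `range`, and the single-argument branch (`else if eq $addonArgsLen 1`) never resets it, so in a `;`-separated list an entry given without a version would be rendered with the version left over from the entry before it. Adding `{{- $addonVersion = "" }}` to that branch fixes it; bootstrap.yaml has the same pattern with `$bootstrapVersion`. Separately, this template emits flat `secretName`/`secretNamespace` fields from `.Values.secretName`, while bootstrap.yaml emits `configSecret.name`/`configSecret.namespace` for the same `operator.cluster.x-k8s.io/v1alpha2` group. That looks inconsistent and should be checked against the AddonProvider schema. The name, namespace and version are also interpolated unquoted, so `version: {{ $addonVersion | quote }}` would keep an unexpected value from altering the rendered YAML structure.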
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
new file mode 100644
index 0000000..91fb0e8
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -0,0 +1,55 @@
+# Bootstrap provider
+{{- if .Values.bootstrap }}
+{{- $bootstraps := split ";" .Values.bootstrap }}
+{{- $bootstrapNamespace := "" }}
+{{- $bootstrapName := "" }}
+{{- $bootstrapVersion := "" }}
+{{- range $bootstrap := $bootstraps }}
+{{- $bootstrapArgs := split ":" $bootstrap }}
+{{- $bootstrapArgsLen := len $bootstrapArgs }}
+{{- if eq $bootstrapArgsLen 3 }}
+ {{- $bootstrapNamespace = $bootstrapArgs._0 }}
+ {{- $bootstrapName = $bootstrapArgs._1 }}
+ {{- $bootstrapVersion = $bootstrapArgs._2 }}
+{{- else if eq $bootstrapArgsLen 2 }}
+ {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
+ {{- $bootstrapName = $bootstrapArgs._0 }}
+ {{- $bootstrapVersion = $bootstrapArgs._1 }}
+{{- else if eq $bootstrapArgsLen 1 }}
+ {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
+ {{- $bootstrapName = $bootstrapArgs._0 }}
+{{- else }}
+ {{- fail "bootstrap provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: {{ $bootstrapNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: BootstrapProvider
+metadata:
+ name: {{ $bootstrapName }}
+ namespace: {{ $bootstrapNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+{{- if or $bootstrapVersion $.Values.configSecret.name }}
+spec:
+{{- end}}
+{{- if $bootstrapVersion }}
+ version: {{ $bootstrapVersion }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
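Review bot: Both resources carry only `"helm.sh/hook": "post-install"`, so they are applied on the first install and skipped on `helm upgrade`; setting or changing `bootstrap` afterwards creates nothing. If the providers are meant to follow the values, `"helm.sh/hook": "post-install,post-upgrade"` on the Namespace and the BootstrapProvider would cover upgrades. Hook resources are also not tracked as part of the release, so `helm uninstall` leaves the namespace and the provider behind; a comment at the top of the template should say so. The same annotation is used in addon.yaml, control-plane.yaml, core-conditions.yaml, core.yaml, infra-conditions.yaml and infra.yaml.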
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
new file mode 100644
index 0000000..4569ca6
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
@@ -0,0 +1,55 @@
+# Control plane provider
+{{- if .Values.controlPlane }}
+{{- $controlPlanes := split ";" .Values.controlPlane }}
+{{- $controlPlaneNamespace := "" }}
+{{- $controlPlaneName := "" }}
+{{- $controlPlaneVersion := "" }}
+{{- range $controlPlane := $controlPlanes }}
+{{- $controlPlaneArgs := split ":" $controlPlane }}
+{{- $controlPlaneArgsLen := len $controlPlaneArgs }}
+{{- if eq $controlPlaneArgsLen 3 }}
+ {{- $controlPlaneNamespace = $controlPlaneArgs._0 }}
+ {{- $controlPlaneName = $controlPlaneArgs._1 }}
+ {{- $controlPlaneVersion = $controlPlaneArgs._2 }}
+{{- else if eq $controlPlaneArgsLen 2 }}
+ {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
+ {{- $controlPlaneName = $controlPlaneArgs._0 }}
+ {{- $controlPlaneVersion = $controlPlaneArgs._1 }}
+{{- else if eq $controlPlaneArgsLen 1 }}
+ {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
+ {{- $controlPlaneName = $controlPlaneArgs._0 }}
+{{- else }}
+ {{- fail "controlplane provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: {{ $controlPlaneNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: ControlPlaneProvider
+metadata:
+ name: {{ $controlPlaneName }}
+ namespace: {{ $controlPlaneNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+{{- if or $controlPlaneVersion $.Values.configSecret.name }}
+spec:
+{{- end}}
+{{- if $controlPlaneVersion }}
+ version: {{ $controlPlaneVersion }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
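Review bot: The pieces of `.Values.controlPlane` are written into the manifest unquoted (`name: {{ $controlPlaneName }}`, `namespace: {{ $controlPlaneNamespace }}`, `version: {{ $controlPlaneVersion }}`) with no validation beyond counting the `:` separators. A value that YAML types as a number or boolean, or one that contains YAML syntax, therefore changes the rendered document instead of failing the render. Piping each through `quote`, e.g. `version: {{ $controlPlaneVersion | quote }}`, keeps them plain strings and leaves rejection of bad names to the API server. addon.yaml, bootstrap.yaml, core.yaml and infra.yaml interpolate their values the same way.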
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
new file mode 100644
index 0000000..b1edaaf
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
@@ -0,0 +1,31 @@
+{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }}
+# Deploy core components if not specified
+{{- if not .Values.core }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: capi-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: CoreProvider
+metadata:
+ name: cluster-api
+ namespace: capi-system
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+{{- with .Values.configSecret }}
+spec:
+ configSecret:
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
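Review bot: `{{- with .Values.configSecret }}` opens `spec.configSecret` whenever the map is non-empty, so a values file that sets only `configSecret.namespace` (or, if the defaults define the key with an empty string, any install) renders `name:` with no value. The per-provider templates in this commit guard on the name instead; using `{{- if .Values.configSecret.name }}` here, with `.Values.configSecret.name` and `.Values.configSecret.namespace` inside the block, would match them. Both `with` blocks in infra-conditions.yaml have the same shape.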
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
new file mode 100644
index 0000000..aa74a51
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
@@ -0,0 +1,63 @@
+# Core provider
+{{- if .Values.core }}
+{{- $coreArgs := split ":" .Values.core }}
+{{- $coreArgsLen := len $coreArgs }}
+{{- $coreVersion := "" }}
+{{- $coreNamespace := "" }}
+{{- $coreName := "" }}
+{{- $coreVersion := "" }}
+{{- if eq $coreArgsLen 3 }}
+ {{- $coreNamespace = $coreArgs._0 }}
+ {{- $coreName = $coreArgs._1 }}
+ {{- $coreVersion = $coreArgs._2 }}
+{{- else if eq $coreArgsLen 2 }}
+ {{- $coreNamespace = "capi-system" }}
+ {{- $coreName = $coreArgs._0 }}
+ {{- $coreVersion = $coreArgs._1 }}
+{{- else if eq $coreArgsLen 1 }}
+ {{- $coreNamespace = "capi-system" }}
+ {{- $coreName = $coreArgs._0 }}
+{{- else }}
+ {{- fail "core provider argument should have the following format cluster-api:v1.0.0 or mynamespace:cluster-api:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ name: {{ $coreNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: CoreProvider
+metadata:
+ name: {{ $coreName }}
+ namespace: {{ $coreNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $coreVersion $.Values.configSecret.name }}
+spec:
+{{- end}}
+{{- if $coreVersion }}
+ version: {{ $coreVersion }}
+{{- end }}
+{{- if $.Values.manager }}
+ manager:
+{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
+ featureGates:
+ {{- range $key, $value := $.Values.manager.featureGates.core }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
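Review bot: `manager:` is emitted whenever `.Values.manager` is set, but the `spec:` line above it is only emitted for `$coreVersion` or `configSecret.name`, so with only `manager.featureGates.core` configured the `manager` block is rendered without a `spec:` parent. infra.yaml already includes the manager in its guard; the equivalent here is `{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}`. `$coreVersion` is also declared twice with `:=` at the top of the template, and the second declaration can be dropped.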
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
new file mode 100644
index 0000000..8f1e332
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
@@ -0,0 +1,146 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "capi-operator.fullname" . }}
+ namespace: '{{ .Release.Namespace }}'
+ labels:
+ app: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/name: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ control-plane: controller-manager
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ {{- with .Values.deploymentLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ control-plane: controller-manager
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ {{- with .Values.strategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/name: {{ template "capi-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ control-plane: controller-manager
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: capi-operator-manager
+ automountServiceAccountToken: true
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - args:
+ {{- if .Values.logLevel }}
+ - --v={{ .Values.logLevel }}
+ {{- end }}
+ {{- if .Values.healthAddr }}
+ - --health-addr={{ .Values.healthAddr }}
+ {{- end }}
+ {{- if .Values.metricsBindAddr }}
+ - --metrics-bind-addr={{ .Values.metricsBindAddr }}
+ {{- end }}
+ {{- if .Values.diagnosticsAddress }}
+ - --diagnostics-address={{ .Values.diagnosticsAddress }}
+ {{- end }}
+ {{- if .Values.insecureDiagnostics }}
+ - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
+ {{- end }}
+ {{- with .Values.leaderElection }}
+ - --leader-elect={{ .enabled }}
+ {{- if .leaseDuration }}
+ - --leader-elect-lease-duration={{ .leaseDuration }}
+ {{- end }}
+ {{- if .renewDeadline }}
+ - --leader-elect-renew-deadline={{ .renewDeadline }}
+ {{- end }}
+ {{- if .retryPeriod }}
+ - --leader-elect-retry-period={{ .retryPeriod }}
+ {{- end }}
+ {{- end }}
+ command:
+ - /manager
+ {{- with .Values.image.manager }}
+ image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.manager.pullPolicy }}
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }}
+ name: metrics
+ protocol: TCP
+ {{- with .Values.resources.manager }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.env.manager }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.containerSecurityContext.manager }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumeMounts.manager }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 10
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podDnsPolicy }}
+ dnsPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.podDnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
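Review bot: The `metrics` `containerPort` is computed from `.Values.metricsBindAddr` unconditionally, while the `--metrics-bind-addr` argument is only passed when that value is set. With the value empty, or an address that has no `:` separator, `( split ":" $.Values.metricsBindAddr)._1 | int` appears to yield 0 or fail the render, and 0 is not a valid container port; an IPv6 bind address would also be split in the wrong place. Wrapping the three `metrics` port lines in `{{- if .Values.metricsBindAddr }}` … `{{- end }}` keeps the port list consistent with the arguments.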
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
new file mode 100644
index 0000000..147bef8
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.infrastructure }}
+
+# Deploy bootstrap, and infrastructure components if not specified
+{{- if not .Values.bootstrap }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: capi-kubeadm-bootstrap-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: BootstrapProvider
+metadata:
+ name: kubeadm
+ namespace: capi-kubeadm-bootstrap-system
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- with .Values.configSecret }}
+spec:
+ configSecret:
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.controlPlane }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: capi-kubeadm-control-plane-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: ControlPlaneProvider
+metadata:
+ name: kubeadm
+ namespace: capi-kubeadm-control-plane-system
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- with .Values.configSecret }}
+spec:
+ configSecret:
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
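Review bot: The comment at the top says "Deploy bootstrap, and infrastructure components if not specified", but the two blocks create a kubeadm BootstrapProvider and a kubeadm ControlPlaneProvider; no infrastructure provider is created here. Suggested wording: `# Deploy default kubeadm bootstrap and control-plane providers when infrastructure is set and they are not specified`. Neither default sets `spec.version`, so the installed release is presumably chosen by the operator. A second comment line stating that would help anyone who needs pinned versions, for example when mirroring components for an air-gapped install.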
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
new file mode 100644
index 0000000..fa77c6c
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
@@ -0,0 +1,84 @@
+{{- define "recursivePrinter" }}
+{{- range $key, $value := . }}
+{{- if kindIs "map" $value }}
+ {{ $key }}:
+ {{- include "recursivePrinter" $value | indent 2 }}
+{{- else }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
+# Infrastructure providers
+{{- if .Values.infrastructure }}
+{{- $infrastructures := split ";" .Values.infrastructure }}
+{{- $infrastructureNamespace := "" }}
+{{- $infrastructureName := "" }}
+{{- $infrastructureVersion := "" }}
+{{- range $infrastructure := $infrastructures }}
+{{- $infrastructureArgs := split ":" $infrastructure }}
+{{- $infrastructureArgsLen := len $infrastructureArgs }}
+{{- if eq $infrastructureArgsLen 3 }}
+ {{- $infrastructureNamespace = $infrastructureArgs._0 }}
+ {{- $infrastructureName = $infrastructureArgs._1 }}
+ {{- $infrastructureVersion = $infrastructureArgs._2 }}
+{{- else if eq $infrastructureArgsLen 2 }}
+ {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
+ {{- $infrastructureName = $infrastructureArgs._0 }}
+ {{- $infrastructureVersion = $infrastructureArgs._1 }}
+{{- else if eq $infrastructureArgsLen 1 }}
+ {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
+ {{- $infrastructureName = $infrastructureArgs._0 }}
+{{- else }}
+ {{- fail "infrastructure provider argument should have the following format aws:v1.0.0 or mynamespace:aws:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "1"
+ "argocd.argoproj.io/sync-wave": "1"
+ name: {{ $infrastructureNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: InfrastructureProvider
+metadata:
+ name: {{ $infrastructureName }}
+ namespace: {{ $infrastructureNamespace }}
+ annotations:
+ "helm.sh/hook": "post-install"
+ "helm.sh/hook-weight": "2"
+ "argocd.argoproj.io/sync-wave": "2"
+{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
+spec:
+{{- end }}
+{{- if $infrastructureVersion }}
+ version: {{ $infrastructureVersion }}
+{{- end }}
+{{- if $.Values.manager }}
+ manager:
+{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
+{{- range $key, $value := $.Values.manager.featureGates }}
+ {{- if eq $key $infrastructureName }}
+ featureGates:
+ {{- range $k, $v := $value }}
+ {{ $k }}: {{ $v }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+ configSecret:
+ name: {{ $.Values.configSecret.name }}
+ {{- if $.Values.configSecret.namespace }}
+ namespace: {{ $.Values.configSecret.namespace }}
+ {{- end }}
+{{- end }}
+{{- if $.Values.additionalDeployments }}
+ additionalDeployments:
+ {{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
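Review bot: `recursivePrinter` only recurses into maps and prints every other value as `{{ $key }}: {{ $value }}`, so lists, and strings that need quoting, under `additionalDeployments` are written in Go's default formatting rather than as YAML. The AddonProvider schema later in this commit shows list-valued fields under `additionalDeployments.*.deployment.affinity`, and the InfrastructureProvider schema presumably mirrors it. deployment.yaml in this chart already uses `toYaml` for free-form values; `{{- toYaml $.Values.additionalDeployments | nindent 4 }}` (indent adjusted to sit under `additionalDeployments:`) would replace the helper. If the helper stays, note that `define` names are shared across a chart and its subcharts, so a chart-prefixed name avoids collisions.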
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
new file mode 100644
index 0000000..f7ede3f
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
@@ -0,0 +1,27887 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: addonproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: AddonProvider
+ listKind: AddonProviderList
+ plural: addonproviders
+ shortNames:
+ - caap
+ singular: addonprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: AddonProvider is the Schema for the addonproviders API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AddonProviderSpec defines the desired state of AddonProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: AddonProviderStatus defines the observed state of AddonProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: bootstrapproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: BootstrapProvider
+ listKind: BootstrapProviderList
+ plural: bootstrapproviders
+ shortNames:
+ - cabp
+ singular: bootstrapprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ deprecated: true
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ BootstrapProvider is the Schema for the bootstrapproviders API.
+
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BootstrapProviderSpec defines the desired state of BootstrapProvider.
+ properties:
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ image:
+ description: Container Image Name
+ properties:
+ name:
+ description: Name allows to specify a name for the image.
+ type: string
+ repository:
+ description: Repository sets the container registry
+ to pull images from.
+ type: string
+ tag:
+ description: Tag allows to specify a tag for the image.
+ type: string
+ type: object
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains the controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ secretName:
+ description: |-
+ SecretName is the name of the Secret providing the configuration
+ variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ type: string
+ secretNamespace:
+ description: |-
+ SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,
+ the namespace of the provider will be used.
+ type: string
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: BootstrapProviderStatus defines the observed state of BootstrapProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: BootstrapProvider is the Schema for the bootstrapproviders API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BootstrapProviderSpec defines the desired state of BootstrapProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: BootstrapProviderStatus defines the observed state of BootstrapProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: controlplaneproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: ControlPlaneProvider
+ listKind: ControlPlaneProviderList
+ plural: controlplaneproviders
+ shortNames:
+ - cacpp
+ singular: controlplaneprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ deprecated: true
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ControlPlaneProvider is the Schema for the controlplaneproviders API.
+
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider.
+ properties:
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ image:
+ description: Container Image Name
+ properties:
+ name:
+ description: Name allows to specify a name for the image.
+ type: string
+ repository:
+ description: Repository sets the container registry
+ to pull images from.
+ type: string
+ tag:
+ description: Tag allows to specify a tag for the image.
+ type: string
+ type: object
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains the controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ secretName:
+ description: |-
+ SecretName is the name of the Secret providing the configuration
+ variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ type: string
+ secretNamespace:
+ description: |-
+ SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,
+ the namespace of the provider will be used.
+ type: string
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: ControlPlaneProviderStatus defines the observed state of
+ ControlPlaneProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: ControlPlaneProvider is the Schema for the controlplaneproviders
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: ControlPlaneProviderStatus defines the observed state of
+ ControlPlaneProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: coreproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: CoreProvider
+ listKind: CoreProviderList
+ plural: coreproviders
+ shortNames:
+ - cacp
+ singular: coreprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ deprecated: true
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ CoreProvider is the Schema for the coreproviders API.
+
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CoreProviderSpec defines the desired state of CoreProvider.
+ properties:
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ image:
+ description: Container Image Name
+ properties:
+ name:
+ description: Name allows to specify a name for the image.
+ type: string
+ repository:
+ description: Repository sets the container registry
+ to pull images from.
+ type: string
+ tag:
+ description: Tag allows to specify a tag for the image.
+ type: string
+ type: object
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains the controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ secretName:
+ description: |-
+ SecretName is the name of the Secret providing the configuration
+ variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ type: string
+ secretNamespace:
+ description: |-
+ SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,
+ the namespace of the provider will be used.
+ type: string
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: CoreProviderStatus defines the observed state of CoreProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: CoreProvider is the Schema for the coreproviders API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CoreProviderSpec defines the desired state of CoreProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: CoreProviderStatus defines the observed state of CoreProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: infrastructureproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: InfrastructureProvider
+ listKind: InfrastructureProviderList
+ plural: infrastructureproviders
+ shortNames:
+ - caip
+ singular: infrastructureprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ deprecated: true
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ InfrastructureProvider is the Schema for the infrastructureproviders API.
+
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider.
+ properties:
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ image:
+ description: Container Image Name
+ properties:
+ name:
+ description: Name allows to specify a name for the image.
+ type: string
+ repository:
+ description: Repository sets the container registry
+ to pull images from.
+ type: string
+ tag:
+ description: Tag allows to specify a tag for the image.
+ type: string
+ type: object
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains the controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ secretName:
+ description: |-
+ SecretName is the name of the Secret providing the configuration
+ variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ type: string
+ secretNamespace:
+ description: |-
+ SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,
+ the namespace of the provider will be used.
+ type: string
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: InfrastructureProviderStatus defines the observed state of
+ InfrastructureProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: InfrastructureProvider is the Schema for the infrastructureproviders
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: InfrastructureProviderStatus defines the observed state of
+ InfrastructureProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: ipamproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: IPAMProvider
+ listKind: IPAMProviderList
+ plural: ipamproviders
+ shortNames:
+ - caipamp
+ singular: ipamprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: IPAMProvider is the Schema for the IPAMProviders API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAMProviderSpec defines the desired state of IPAMProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: IPAMProviderStatus defines the observed state of IPAMProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: runtimeextensionproviders.operator.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1alpha1
+ group: operator.cluster.x-k8s.io
+ names:
+ kind: RuntimeExtensionProvider
+ listKind: RuntimeExtensionProviderList
+ plural: runtimeextensionproviders
+ shortNames:
+ - carep
+ singular: runtimeextensionprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ name: v1alpha2
+ schema:
+ openAPIV3Schema:
+ description: RuntimeExtensionProvider is the Schema for the RuntimeExtensionProviders
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RuntimeExtensionProviderSpec defines the desired state of
+ RuntimeExtensionProvider.
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ version:
+ description: Version indicates the provider version.
+ type: string
+ type: object
+ status:
+ description: RuntimeExtensionProviderStatus defines the observed state
+ of RuntimeExtensionProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-manager
+ namespace: '{{ .Release.Namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-leader-election-role
+ namespace: '{{ .Release.Namespace }}'
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-manager-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-leader-election-rolebinding
+ namespace: '{{ .Release.Namespace }}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-operator-manager
+ namespace: '{{ .Release.Namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-operator-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-operator-manager
+ namespace: '{{ .Release.Namespace }}'
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ control-plane: controller-manager
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-serving-cert
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ dnsNames:
+ - capi-operator-webhook-service.{{ .Release.Namespace }}.svc
+ - capi-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-operator-selfsigned-issuer
+ secretName: capi-operator-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-selfsigned-issuer
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-addonprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vaddonprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - addonproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vbootstrapprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bootstrapproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vcontrolplaneprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - controlplaneproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-coreprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vcoreprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - coreproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vinfrastructureprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - infrastructureproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vipamprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipamproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /mutate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vruntimeextensionprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - runtimeextensionproviders
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert'
+ labels:
+ clusterctl.cluster.x-k8s.io/core: capi-operator
+ name: capi-operator-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-addonprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vaddonprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - addonproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vbootstrapprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bootstrapproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vcontrolplaneprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - controlplaneproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-coreprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vcoreprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - coreproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vinfrastructureprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - infrastructureproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vipamprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipamproviders
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-operator-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: vruntimeextensionprovider.kb.io
+ rules:
+ - apiGroups:
+ - operator.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - runtimeextensionproviders
+ sideEffects: None
diff --git a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml
new file mode 100644
index 0000000..9f97e37
--- /dev/null
+++ b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml
@@ -0,0 +1,69 @@
+---
+# ---
+# Cluster API provider options
+core: ""
+bootstrap: ""
+controlPlane: ""
+infrastructure: ""
+addon: ""
+manager.featureGates: {}
+# ---
+# Common configuration secret options
+configSecret: {}
+# ---
+# CAPI operator deployment options
+logLevel: 2
+replicaCount: 1
+leaderElection:
+ enabled: true
+image:
+ manager:
+ repository: registry.k8s.io/capi-operator/cluster-api-operator
+ tag: v0.12.0
+ pullPolicy: IfNotPresent
+env:
+ manager: []
+healthAddr: ":8081"
+metricsBindAddr: "127.0.0.1:8080"
+diagnosticsAddress: "8443"
+insecureDiagnostics: false
+imagePullSecrets: {}
+resources:
+ manager:
+ limits:
+ cpu: 100m
+ memory: 150Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+containerSecurityContext: {}
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - ppc64le
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capi-operator-webhook-service-cert
+volumeMounts:
+ manager:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
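Review bot: `containerSecurityContext: {}` gives the manager container no hardening by default, while the same change binds its service account `capi-operator-manager` to `capi-operator-manager-role`, which allows every verb on every resource in every API group. With that much authority behind the pod, the chart default should at least drop capabilities and forbid privilege escalation rather than leave it to each installer. The values below are a suggested default, assuming the deployment template (not in this hunk) passes this map to the manager container; `runAsNonRoot` also assumes the upstream image already runs as a non-root user, which should be confirmed. Separately, `imagePullSecrets: {}` is a mapping where a pod spec takes a list, so `imagePullSecrets: []` would be the safer default.

```yaml
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
# … unchanged: affinity, tolerations, volumes, volumeMounts …
```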
diff --git a/rancher-turtles-chart/questions.yml b/rancher-turtles-chart/questions.yml
new file mode 100644
index 0000000..96e21ef
--- /dev/null
+++ b/rancher-turtles-chart/questions.yml
@@ -0,0 +1,78 @@
+namespace: rancher-turtles-system
+questions:
+- variable: rancherTurtles.features.default
+ default: "false"
+ description: "Customize install settings"
+ label: Customize install settings
+ type: boolean
+ show_subquestion_if: true
+ group: "Rancher Turtles Extra Settings"
+ subquestions:
+ - variable: cluster-api-operator.cert-manager.enabled
+ default: false
+ type: boolean
+ description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
+ label: "Enable Cert Manager"
+ - variable: rancherTurtles.features.cluster-api-operator.cleanup
+ default: true
+ description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
+ type: boolean
+ label: Cleanup CAPI Operator installation
+ group: "CAPI Operator cleanup settings"
+ show_subquestion_if: true
+ subquestions:
+ - variable: rancherTurtles.features.cluster-api-operator.kubectlImage
+ default: "rancher/kubectl:v1.30.3"
+ description: "Specify the image to use when cleaning up the Cluster API Operator manifests"
+ type: string
+ label: Cleanup Image
+ group: "CAPI Operator cleanup settings"
+ - variable: rancherTurtles.features.rancher-webhook.cleanup
+ default: true
+ description: "Specify that the Rancher embedded cluster api webhooks should be removed"
+ type: boolean
+ label: Cleanup Rancher Embedded CAPI Webhooks
+ group: "Rancher webhook cleanup settings"
+ show_subquestion_if: true
+ subquestions:
+ - variable: rancherTurtles.features.rancher-webhook.kubectlImage
+ default: "rancher/kubectl:v1.30.3"
+ description: "Specify the image to use when cleaning up the webhooks"
+ type: string
+ label: Webhook Cleanup Image
+ group: "Rancher webhook cleanup settings"
+ - variable: rancherTurtles.features.rancher-kubeconfigs.label
+ default: false
+ description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels"
+ type: boolean
+ label: Label Rancher Kubeconfigs
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.managementv3-cluster.enabled
+ default: true
+ description: "Use v3/management cluster manifest for import, instead of v1/provisioning"
+ type: boolean
+ label: Use management v3 cluster manifest
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.managementv3-cluster-migration.enabled
+ default: false
+ description: "Automatically migrate between provisioning and management clusters on upgrade"
+ type: boolean
+ label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
+ group: "Rancher Turtles Features Settings"
+ - variable: cluster-api-operator.cluster-api.rke2.enabled
+ default: "true"
+ description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
+ label: "Enable RKE2 Provider"
+ type: boolean
+ - variable: rancherTurtles.features.propagate-labels.enabled
+ default: false
+ description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
+ type: boolean
+ label: Propagate CAPI Labels
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.addon-provider-fleet.enabled
+ default: false
+ description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
+ type: boolean
+ label: Seamless integration with Fleet and CAPI
+ group: "Rancher Turtles Features Settings"
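Review bot: Both cleanup images default to `rancher/kubectl:v1.30.3` (the `kubectlImage` questions under `cluster-api-operator` and `rancher-webhook`), a mutable tag with no digest and no registry host, so what runs in the cleanup jobs depends on whatever the registry serves at pull time. The jobs themselves are not in this hunk, but going by the descriptions they delete operator manifests and webhooks, so they presumably run with elevated cluster permissions and warrant a pinned image. Consider `default: "rancher/kubectl:v1.30.3@sha256:<digest-of-the-vetted-image>"`, and say in the description that air-gapped installs must point this at the private registry. As a smaller consistency point, `default: "false"` on `rancherTurtles.features.default` and `default: "true"` on `cluster-api-operator.cluster-api.rke2.enabled` are quoted strings, while every other `type: boolean` question uses a bare boolean.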
diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml
new file mode 100644
index 0000000..5a6ced8
--- /dev/null
+++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml
@@ -0,0 +1,44 @@
+{{- if index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled" }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: fleet
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ type: addon
+ additionalManifests:
+ name: fleet-addon-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-addon-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+data:
+ manifests: |-
+ apiVersion: addons.cluster.x-k8s.io/v1alpha1
+ kind: FleetAddonConfig
+ metadata:
+ name: fleet-addon-config
+ spec:
+ clusterClass:
+ patchResource: true
+ setOwnerReferences: true
+ cluster:
+ patchResource: true
+ setOwnerReferences: true
+ selector:
+ matchLabels:
+ cluster-api.cattle.io/rancher-auto-import: "true"
+ namespaceSelector:
+ matchLabels:
+ cluster-api.cattle.io/rancher-auto-import: "true"
+{{- end }}
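Review bot: The `fleet` CAPIProvider's `spec` sets only `type` and `additionalManifests`, so unlike the core and metal3 providers in this commit it has no `version`, `fetchConfig` or image override. Without a pinned version the operator presumably resolves whatever release its default source offers, which is not reproducible and is unlikely to work in the air-gapped installs this packaging targets. The fleet entry in clusterctl-config.yaml is also commented out. I would add a `version:` field under `spec` fed from a chart value, plus the same optional `fetchConfig` block the other provider templates render.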
diff --git a/rancher-turtles-chart/templates/azure-rbac.yaml b/rancher-turtles-chart/templates/azure-rbac.yaml
new file mode 100644
index 0000000..fc1d512
--- /dev/null
+++ b/rancher-turtles-chart/templates/azure-rbac.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: caprke2-azure-aggregated-role
+ labels:
+ cluster.x-k8s.io/aggregate-to-capz-manager: "true"
+rules:
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - rke2configs
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - patch
+ - watch
\ No newline at end of file
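Review bot: This ClusterRole is rendered on every install, with no values guard, and its `cluster.x-k8s.io/aggregate-to-capz-manager` label presumably folds create/update/delete on `rke2configs` into the CAPZ manager's role. I would wrap it in a condition tied to the Azure provider being in use. A header comment should also say why the Azure manager needs write verbs on `rke2configs` rather than only `get`/`list`/`watch`. The file also ends without a trailing newline.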
diff --git a/rancher-turtles-chart/templates/clusterctl-config.yaml b/rancher-turtles-chart/templates/clusterctl-config.yaml
new file mode 100644
index 0000000..3fe56dd
--- /dev/null
+++ b/rancher-turtles-chart/templates/clusterctl-config.yaml
@@ -0,0 +1,34 @@
+{{- if index .Values "cluster-api-operator" "enabled" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: clusterctl-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+data:
+ clusterctl.yaml: |
+ providers:
+ # Cluster API core provider
+ - name: "cluster-api"
+ url: "https://github.com/kubernetes-sigs/cluster-api/releases/v1.7.5/core-components.yaml"
+ type: "CoreProvider"
+
+ # Infrastructure providers
+ - name: "metal3"
+ url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.1/infrastructure-components.yaml"
+ type: "InfrastructureProvider"
+
+ # Bootstrap providers
+ - name: "rke2"
+ url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/bootstrap-components.yaml"
+ type: "BootstrapProvider"
+
+ # ControlPlane providers
+ - name: "rke2"
+ url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/control-plane-components.yaml"
+ type: "ControlPlaneProvider"
+
+ # Addon providers
+# - name: "fleet"
+# url: "https://github.com/rancher-sandbox/cluster-api-addon-provider-fleet/releases/v0.3.1/addon-components.yaml"
+# type: "AddonProvider"
+{{- end }}
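Review bot: The release URLs in `clusterctl.yaml` hard-code `v1.7.5`, `v1.7.1` and `v0.7.0`, while core-provider.yaml reads the provider `version` from `cluster-api-operator.cluster-api.version`, so overriding that value leaves this ConfigMap pointing at a different release. Either template the version segment of each URL from the same value, or add a comment above each entry such as `# keep in sync with cluster-api-operator.cluster-api.version`. Nothing in this template verifies the fetched manifests, so integrity rests on the GitHub release tags staying immutable. That is worth stating in the chart docs for installs that do not use the `fetchConfig` selector path.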
diff --git a/rancher-turtles-chart/templates/core-provider.yaml b/rancher-turtles-chart/templates/core-provider.yaml
new file mode 100644
index 0000000..d4e7dbf
--- /dev/null
+++ b/rancher-turtles-chart/templates/core-provider.yaml
@@ -0,0 +1,82 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: cluster-api
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: cluster-api
+ type: core
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }}
+ additionalManifests:
+ name: capi-additional-rbac-roles
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: capi-additional-rbac-roles
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+data:
+ manifests: |-
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: provisioning-rke-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ rules:
+ - apiGroups: ["rke.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: provisioning-rke-machine-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ rules:
+ - apiGroups: ["rke-machine.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+{{- end }}
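Review bot: Both ClusterRoles embedded in the `capi-additional-rbac-roles` ConfigMap grant `resources: ["*"]` with `verbs: ["*"]` on `rke.cattle.io` and `rke-machine.cattle.io`, and the `cluster.x-k8s.io/aggregate-to-manager` label merges that into the CAPI manager's role. A wildcard also covers any kind added to those groups later, including ones that may hold credentials. If the manager only touches specific kinds, list them and the verbs explicitly. If the wildcard is deliberate, add a comment in the manifest naming the kinds it is there for, so the grant can be reviewed when those API groups change.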
diff --git a/rancher-turtles-chart/templates/deployment.yaml b/rancher-turtles-chart/templates/deployment.yaml
new file mode 100644
index 0000000..664fd41
--- /dev/null
+++ b/rancher-turtles-chart/templates/deployment.yaml
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: rancher-turtles-controller-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ {{- if .Values.rancherTurtles.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.rancherTurtles.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - args:
+ - --leader-elect
+ - --feature-gates=etcd-snapshot-restore={{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled"}},propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
+ {{- range .Values.rancherTurtles.managerArguments }}
+ - {{ . }}
+ {{- end }}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- if (contains "sha256:" .Values.rancherTurtles.imageVersion) }}
+ image: '{{ .Values.rancherTurtles.image }}@{{ .Values.rancherTurtles.imageVersion }}'
+ {{- else }}
+ image: '{{ .Values.rancherTurtles.image }}:{{ .Values.rancherTurtles.imageVersion }}'
+ {{- end}}
+ imagePullPolicy: '{{ .Values.rancherTurtles.imagePullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9440
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9440
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ serviceAccountName: rancher-turtles-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
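Review bot: The `manager` container and the pod spec define no `securityContext`, so the controller runs with whatever user, capabilities and privilege-escalation defaults the image and runtime provide. For a controller whose ServiceAccount holds cluster-wide RBAC I would set a restrictive container context, as sketched below. `runAsNonRoot` assumes the image is built to run as a non-root user, which should be confirmed first. Separately, `- {{ . }}` under `managerArguments` is rendered unquoted, so a value beginning with a YAML indicator changes how the argument parses; `- {{ . | quote }}` avoids that.

```yaml
        name: manager
        # ... unchanged: livenessProbe, readinessProbe, resources ...
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
```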
diff --git a/rancher-turtles-chart/templates/metal3-infrastructure.yaml b/rancher-turtles-chart/templates/metal3-infrastructure.yaml
new file mode 100644
index 0000000..e531e87
--- /dev/null
+++ b/rancher-turtles-chart/templates/metal3-infrastructure.yaml
@@ -0,0 +1,55 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "metal3" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: metal3
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: metal3
+ type: infrastructure
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }}
+ additionalDeployments:
+ ipam-controller-manager:
+ deployment:
+ containers:
+ - imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }}
+ name: manager
+{{- end }}
+{{- end }}
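Review bot: The metal3 provider's `spec.version` is read from `cluster-api-operator.cluster-api.rke2.version`, which looks like a copy-paste from the RKE2 template. Setting an RKE2 provider version would then ask the operator for a metal3 release with that number. It should use metal3's own key, e.g. `version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "version" }}` with a matching guard, assuming values.yaml defines that key (not visible here). Also, the `ipam` `imageUrl` is emitted whenever the infrastructure `imageUrl` is set and has no check of its own, so an unset ipam value renders an empty `imageUrl:`.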
diff --git a/rancher-turtles-chart/templates/post-delete-job.yaml b/rancher-turtles-chart/templates/post-delete-job.yaml
new file mode 100644
index 0000000..277a6d2
--- /dev/null
+++ b/rancher-turtles-chart/templates/post-delete-job.yaml
@@ -0,0 +1,166 @@
+{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-delete-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-delete-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-delete-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: post-delete-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-mutatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-mutating-webhook-configuration
+ - capi-kubeadm-bootstrap-mutating-webhook-configuration
+ - capi-kubeadm-control-plane-mutating-webhook-configuration
+ - rke2-bootstrap-mutating-webhook-configuration
+ - rke2-control-plane-mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-validatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-validating-webhook-configuration
+ - capi-kubeadm-bootstrap-validating-webhook-configuration
+ - capi-kubeadm-control-plane-validating-webhook-configuration
+ - rke2-bootstrap-validating-webhook-configuration
+ - rke2-control-plane-validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-deployment-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ restartPolicy: Never
+ containers:
+ - name: delete-capi-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-bootstrap-controller-manager
+ - -n
+ - capi-kubeadm-bootstrap-system
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-control-plane-controller-manager
+ - -n
+ - capi-kubeadm-control-plane-system
+ - --ignore-not-found=true
+ - name: delete-rke2-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-bootstrap-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-rke2-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-control-plane-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ - --ignore-not-found=true
+{{- end }}
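Review bot: The ClusterRoleBinding subject hard-codes `namespace: rancher-turtles-system`, while the `post-delete-job` ServiceAccount and all three Jobs are created in `{{ .Values.rancherTurtles.namespace }}`. With any other namespace value the binding names a ServiceAccount that does not exist, and every cleanup Job is denied. The subject should read `namespace: '{{ .Values.rancherTurtles.namespace }}'`. post-upgrade-job.yaml, pre-delete-job.yaml and pre-install-job.yaml hard-code the same namespace throughout, so they ignore the value as well.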
diff --git a/rancher-turtles-chart/templates/post-upgrade-job.yaml b/rancher-turtles-chart/templates/post-upgrade-job.yaml
new file mode 100644
index 0000000..489f63c
--- /dev/null
+++ b/rancher-turtles-chart/templates/post-upgrade-job.yaml
@@ -0,0 +1,78 @@
+{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-upgrade-job
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-upgrade-job-delete-clusters
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - provisioning.cattle.io
+ resources:
+ - clusters
+ verbs:
+ - list
+ - delete
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - clusters
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-upgrade-job-delete-clusters
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-upgrade-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: post-upgrade-job-delete-clusters
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: post-upgrade-delete-clusters
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-upgrade-job
+ containers:
+ - name: post-upgrade-delete-clusters
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ {{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
+ - clusters.provisioning.cattle.io
+ {{- else }}
+ - clusters.management.cattle.io
+ {{- end }}
+ - --selector=cluster-api.cattle.io/owned
+ - -A
+ - --ignore-not-found=true
+ - --wait
+ restartPolicy: OnFailure
+{{- end }}
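Review bot: The `post-upgrade-delete-clusters` Job has no `metadata.namespace`, so it lands in the release namespace, while its ServiceAccount is pinned to `rancher-turtles-system`; if the two differ the pod cannot be created. Add `namespace: '{{ .Values.rancherTurtles.namespace }}'` to the Job and use the same expression for the ServiceAccount and the binding subject. The two Jobs in pre-install-job.yaml have the same omission. The container also sets `args` without `command: ["kubectl"]`, unlike the post-delete Jobs, so it depends on the image's entrypoint being kubectl. Finally, the ClusterRole grants `list` and `delete` on both cluster API groups although each render of the Job deletes from only one.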
diff --git a/rancher-turtles-chart/templates/pre-delete-job.yaml b/rancher-turtles-chart/templates/pre-delete-job.yaml
new file mode 100644
index 0000000..5a8ae84
--- /dev/null
+++ b/rancher-turtles-chart/templates/pre-delete-job.yaml
@@ -0,0 +1,67 @@
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-delete-job
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-delete-job-delete-capiproviders
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-delete-job-capiprovider-cleanup
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+subjects:
+ - kind: ServiceAccount
+ name: pre-delete-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: pre-delete-job-delete-capiproviders
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-capiprovider-cleanup
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-1"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-delete-job
+ containers:
+ - name: rancher-capiprovider-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ - capiproviders
+ - -A
+ - --all
+ - --cascade=foreground
+ restartPolicy: Never
+{{- end }}
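Review bot: This Job runs `kubectl delete capiproviders -A --all --cascade=foreground`, which removes every CAPIProvider in every namespace, including ones this chart did not create. The whole file is gated on `rancherTurtles.features.rancher-webhook.cleanup`, a flag named for webhook cleanup. Someone enabling that flag would not expect it to also control provider deletion on uninstall. I would gate this on its own value, or at least document it at the top of the template, e.g. `# pre-delete hook: deletes ALL CAPIProvider objects cluster-wide before uninstall`. The container has no `command`, so it relies on the image entrypoint being kubectl.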
diff --git a/rancher-turtles-chart/templates/pre-install-job.yaml b/rancher-turtles-chart/templates/pre-install-job.yaml
new file mode 100644
index 0000000..9f54d8d
--- /dev/null
+++ b/rancher-turtles-chart/templates/pre-install-job.yaml
@@ -0,0 +1,99 @@
+{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
+---
+apiVersion: management.cattle.io/v3
+kind: Feature
+metadata:
+ name: embedded-cluster-api
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+spec:
+ value: false
+{{- end }}
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-install-job
+ namespace: rancher-turtles-system
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-install-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-install-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: pre-install-job
+ namespace: rancher-turtles-system
+roleRef:
+ kind: ClusterRole
+ name: pre-install-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-mutatingwebhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-validatingwebhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+{{- end }}
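Review bot: The `pre-install-job-delete-webhooks` ClusterRole allows `delete` on every validating and mutating webhook configuration in the cluster, but the two Jobs only remove `mutating-webhook-configuration` and `validating-webhook-configuration`. Scoping the rule with `resourceNames: ["mutating-webhook-configuration", "validating-webhook-configuration"]` limits what the hook's ServiceAccount can remove if its token or the Job image is misused. The ClusterRole in post-delete-job.yaml has the same unscoped rule, plus `delete` on all Deployments, and can list its fixed names the same way. A comment naming the component that owns these two generically named webhook configurations would also help whoever reviews this hook next.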
diff --git a/rancher-turtles-chart/templates/rancher-turtles-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-components.yaml
new file mode 100644
index 0000000..fceb4e0
--- /dev/null
+++ b/rancher-turtles-chart/templates/rancher-turtles-components.yaml
@@ -0,0 +1,3338 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ helm.sh/resource-policy: keep
+ name: capiproviders.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: CAPIProvider
+ listKind: CAPIProviderList
+ plural: capiproviders
+ singular: capiprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.type
+ name: Type
+ type: string
+ - jsonPath: .spec.name
+ name: ProviderName
+ type: string
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: CAPIProvider is the Schema for the CAPI Providers API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CAPIProviderSpec defines the desired state of CAPIProvider.
+ example:
+ credentials:
+ rancherCloudCredential: user-credential
+ name: aws
+ type: infrastructure
+ version: v2.3.0
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ credentials:
+ description: Credentials is the structure holding the credentials
+ to use for the provider. Only one credential type could be set at
+ a time.
+ example:
+ rancherCloudCredential: user-credential
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ rancherCloudCredential:
+ description: RancherCloudCredential is the Rancher Cloud Credential
+ name
+ type: string
+ rancherCloudCredentialNamespaceName:
+ description: RancherCloudCredentialNamespaceName is the Rancher
+ Cloud Credential namespace:name reference
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-validations:
+ - message: rancherCloudCredentialNamespaceName should be in the namespace:name
+ format.
+ rule: '!has(self.rancherCloudCredentialNamespaceName) || self.rancherCloudCredentialNamespaceName.matches(''^.+:.+$'')'
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ features:
+ description: Features is a collection of features to enable.
+ example:
+ clusterResourceSet: true
+ clusterTopology: true
+ machinePool: true
+ properties:
+ clusterResourceSet:
+ description: ClusterResourceSet if set to true will enable the
+ cluster resource set feature.
+ type: boolean
+ clusterTopology:
+ description: ClusterTopology if set to true will enable the clusterclass
+ feature.
+ type: boolean
+ machinePool:
+ description: MachinePool if set to true will enable the machine
+ pool feature.
+ type: boolean
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains thw controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ name:
+ description: Name is the name of the provider to enable
+ example: aws
+ type: string
+ type:
+ description: Type is the type of the provider to enable
+ enum:
+ - infrastructure
+ - core
+ - controlPlane
+ - bootstrap
+ - addon
+ - runtimeextension
+ - ipam
+ example: infrastructure
+ type: string
+ variables:
+ additionalProperties:
+ type: string
+ description: Variables is a map of environment variables to add to
+ the content of the ConfigSecret
+ example:
+ CLUSTER_TOPOLOGY: "true"
+ EXP_CLUSTER_RESOURCE_SET: "true"
+ EXP_MACHINE_POOL: "true"
+ type: object
+ version:
+ description: Version indicates the provider version.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: 'CAPI Provider version should be in the semver format prefixed
+ with ''v''. Example: v1.9.3'
+ rule: '!has(self.version) || self.version.matches(r"""^v([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$""")'
+ - message: Config secret namespace is always equal to the resource namespace
+ and should not be set.
+ rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)'
+ - message: One of fetchConfig url or selector should be set.
+ rule: '!has(self.fetchConfig) || [has(self.fetchConfig.url), has(self.fetchConfig.selector)].exists_one(e,
+ e)'
+ status:
+ default: {}
+ description: CAPIProviderStatus defines the observed state of CAPIProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ Severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ default: Pending
+ description: Indicates the provider status
+ type: string
+ variables:
+ additionalProperties:
+ type: string
+ default:
+ CLUSTER_TOPOLOGY: "true"
+ EXP_CLUSTER_RESOURCE_SET: "true"
+ EXP_MACHINE_POOL: "true"
+ description: Variables is a map of environment variables added to
+ the content of the ConfigSecret
+ type: object
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: CAPI Provider type should always be set.
+ rule: has(self.spec.type)
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-leader-election-role
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rancher-turtles/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: rancher-turtles-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rancher-turtles/aggregate-to-manager: "true"
+ name: rancher-turtles-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - clusterregistrationtokens
+ - clusterregistrationtokens/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - provisioning.cattle.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders
+ - capiproviders/status
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - operator.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-leader-election-rolebinding
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rancher-turtles-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-turtles-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
new file mode 100644
index 0000000..a12bb9f
--- /dev/null
+++ b/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
@@ -0,0 +1,123 @@
+{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: etcdmachinesnapshots.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: EtcdMachineSnapshot
+ listKind: EtcdMachineSnapshotList
+ plural: etcdmachinesnapshots
+ singular: etcdmachinesnapshot
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: EtcdMachineSnapshot is the Schema for the EtcdMachineSnapshot
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EtcdMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot.
+ properties:
+ foo:
+ type: string
+ required:
+ - foo
+ type: object
+ status:
+ default: {}
+ description: EtcdMachineSnapshotStatus defines observed state of EtcdMachineSnapshot.
+ properties:
+ bar:
+ type: string
+ required:
+ - bar
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: etcdsnapshotrestores.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: EtcdSnapshotRestore
+ listKind: EtcdSnapshotRestoreList
+ plural: etcdsnapshotrestores
+ singular: etcdsnapshotrestore
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: EtcdSnapshotRestore is the schema for the EtcdSnapshotRestore
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EtcdSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
+ properties:
+ foo:
+ type: string
+ required:
+ - foo
+ type: object
+ status:
+ default: {}
+ description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
+ properties:
+ bar:
+ type: string
+ required:
+ - bar
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- end }}
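Review bot: Both CRDs sit inside the `etcd-snapshot-restore` feature guard as ordinary release resources, so switching the feature off on a later upgrade makes Helm delete them, and Kubernetes then removes every EtcdMachineSnapshot and EtcdSnapshotRestore object along with the definitions. If that is not intended, add `"helm.sh/resource-policy": keep` under `metadata.annotations` of both definitions. The schemas also still carry what look like scaffold fields (`foo` required in spec, `bar` required in status), so the API server validates nothing meaningful about a snapshot or restore request. A comment at the top of the template stating that the types are experimental placeholders would help whoever enables the flag.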
diff --git a/rancher-turtles-chart/templates/rke2-bootstrap.yaml b/rancher-turtles-chart/templates/rke2-bootstrap.yaml
new file mode 100644
index 0000000..097b31e
--- /dev/null
+++ b/rancher-turtles-chart/templates/rke2-bootstrap.yaml
@@ -0,0 +1,49 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: rke2-bootstrap
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: rke2
+ type: bootstrap
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
+{{- end }}
+{{- end }}
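Review bot: `version`, `fetchConfig.url`, `imageUrl` and the namespace fields are rendered from values without quoting, so a value containing `: `, ` #` or a line break changes the structure of the CAPIProvider manifest instead of staying a string. Piping the scalar fields through `quote` keeps them strings, e.g. `imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" | quote }}`. `selector` has to stay unquoted, because the README passes it as a JSON string that is meant to render as a mapping; a template comment saying so would stop someone "fixing" it later. The `$namespace` variable declared on the second line could also replace the repeated `index` expression in `metadata.name` and `metadata.namespace`. The rke2-controlplane.yaml hunk has the same unquoted fields.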
diff --git a/rancher-turtles-chart/templates/rke2-controlplane.yaml b/rancher-turtles-chart/templates/rke2-controlplane.yaml
new file mode 100644
index 0000000..8e2866a
--- /dev/null
+++ b/rancher-turtles-chart/templates/rke2-controlplane.yaml
@@ -0,0 +1,49 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: rke2-control-plane
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: rke2
+ type: controlPlane
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
+{{- end }}
+{{- end }}
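Review bot: The Namespace and the CAPIProvider are both annotated as `post-install, post-upgrade` hooks, and Helm does not track hook-created resources as part of the release. `helm uninstall` therefore leaves the `rke2-control-plane` provider and its namespace in the cluster unless something outside this hunk removes them, and a provider controller that keeps running after its chart is gone is easy to miss in an inventory or a later upgrade. I would document this at the top of the template, e.g. `{{- /* Rendered as hooks: not removed by helm uninstall; delete the CAPIProvider explicitly. */ -}}`. Note also that `lookup` returns an empty result under `helm template` and client-side dry runs, so the Namespace document is always rendered there. The rke2-bootstrap.yaml hunk follows the same pattern.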
diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml
new file mode 100644
index 0000000..c1889a2
--- /dev/null
+++ b/rancher-turtles-chart/values.yaml
@@ -0,0 +1,90 @@
+rancherTurtles:
+ image: registry.rancher.com/rancher/rancher/turtles
+ imageVersion: v0.11.0
+ imagePullPolicy: IfNotPresent
+ namespace: rancher-turtles-system
+ managerArguments: []
+ imagePullSecrets: []
+ features:
+ cluster-api-operator:
+ cleanup: true
+ kubectlImage: rancher/kubectl:v1.30.3
+ embedded-capi:
+ disabled: false
+ rancher-webhook:
+ cleanup: false
+ kubectlImage: rancher/kubectl:v1.30.3
+ rancher-kubeconfigs:
+ label: false
+ managementv3-cluster:
+ enabled: true
+ managementv3-cluster-migration:
+ enabled: false
+ propagate-labels:
+ enabled: false
+ etcd-snapshot-restore:
+ enabled: false
+ addon-provider-fleet:
+ enabled: false
+cluster-api-operator:
+ enabled: true
+ cert-manager:
+ enabled: false
+ image:
+ manager:
+ repository: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator"
+ tag: 0.12.0
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capi-operator-webhook-service-cert
+ - name: clusterctl-config
+ configMap:
+ name: clusterctl-config
+ volumeMounts:
+ manager:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ - mountPath: /config
+ name: clusterctl-config
+ readOnly: true
+ cluster-api:
+ enabled: true
+ configSecret:
+ name: ""
+ defaultName: capi-env-variables
+ core:
+ namespace: capi-system
+ imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-controller:1.7.5"
+ fetchConfig:
+ url: ""
+ selector: ""
+ rke2:
+ enabled: true
+ version: ""
+ bootstrap:
+ namespace: rke2-bootstrap-system
+ imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:0.7.1"
+ fetchConfig:
+ url: ""
+ selector: ""
+ controlPlane:
+ namespace: rke2-control-plane-system
+ imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:0.7.1"
+ fetchConfig:
+ url: ""
+ selector: ""
+ metal3:
+ enabled: true
+ version: ""
+ infrastructure:
+ namespace: capm3-system
+ imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.1"
+ fetchConfig:
+ url: ""
+ selector: ""
+ ipam:
+ namespace: capm3-system
+ imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:1.7.1"
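Review bot: `kubectlImage: rancher/kubectl:v1.30.3` (set under both `cluster-api-operator` and `rancher-webhook`) is the only image reference in this file without a registry host, so it is resolved against the container runtime's default registry rather than the `%%IMG_REPO%%` location the provider images use. In a mirror-only or air-gapped cluster that pull either fails or depends on node-level registry rewrites. I would qualify it like the others, e.g. `kubectlImage: "%%IMG_REPO%%/KUBECTL_IMAGE_PATH:v1.30.3"` (the path is a placeholder to fill in), and document next to `rancherTurtles.image` why it points at a fixed registry host. Every image here is referenced by tag only; pinning by digest where the build allows would make the deployed content independent of later tag moves.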