diff --git a/crd/cdi/apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml b/crd/cdi/apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml index 2a9bba9..a1d9548 100644 --- a/crd/cdi/apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml +++ b/crd/cdi/apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml @@ -1,10 +1,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 name: cdis.cdi.kubevirt.io spec: - conversion: - strategy: None group: cdi.kubevirt.io names: kind: CDI @@ -23,7 +23,7 @@ spec: - jsonPath: .status.phase name: Phase type: string - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: description: CDI is the CDI Operator CRD @@ -170,6 +170,11 @@ spec: items: type: string type: array + logVerbosity: + description: LogVerbosity overrides the default verbosity level + used to initialize loggers + format: int32 + type: integer podResourceRequirements: description: ResourceRequirements describes the compute resource requirements. @@ -178,7 +183,8 @@ spec: description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable." + feature gate. \n This field is immutable. It can only be + set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: 
@@ -215,7 +221,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object preallocation: @@ -326,6 +333,52 @@ spec: description: Override the URL used when uploading to a DataVolume type: string type: object + customizeComponents: + description: CustomizeComponents defines patches for components deployed + by the CDI operator. + properties: + flags: + description: Configure the value used for deployment and daemonset + resources + properties: + api: + additionalProperties: + type: string + type: object + controller: + additionalProperties: + type: string + type: object + uploadProxy: + additionalProperties: + type: string + type: object + type: object + patches: + items: + description: CustomizeComponentsPatch defines a patch for some + resource. + properties: + patch: + type: string + resourceName: + minLength: 1 + type: string + resourceType: + minLength: 1 + type: string + type: + description: PatchType defines the patch type. + type: string + required: + - patch + - resourceName + - resourceType + - type + type: object + type: array + x-kubernetes-list-type: atomic + type: object imagePullPolicy: description: PullPolicy describes a policy for if/when to pull a container image 
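Review bot: In the `customizeComponents` hunk, the `patches` item schema accepts any string for `type` and an empty string for `patch`, while `resourceName` and `resourceType` carry `minLength: 1`. Per the field description these patches (and the free-form `flags` maps) are applied to components the CDI operator deploys, so write access to the CDI resource effectively becomes write access to those workloads. The schema should be as tight as the controller allows: an `enum` on `type` listing the patch types the operator actually supports, and `minLength: 1` on `patch`. The file looks generated by controller-gen, so the change probably belongs in validation markers on the upstream Go type rather than in this YAML. Until then, update/patch rights on `cdis.cdi.kubevirt.io` should be limited to cluster administrators.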
@@ -335,8 +388,958 @@ spec: - Never type: string infra: - description: Rules on which nodes CDI infrastructure pods will be - scheduled + description: Selectors and tolerations that should apply to cdi infrastructure + components + properties: + affinity: + description: affinity enables pod affinity/anti-affinity placement + expanding the types of constraints that can be expressed with + nodeSelector. affinity is going to be applied to the relevant + kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. 
null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + apiServerReplicas: + description: ApiserverReplicas set Replicas for cdi-apiserver + format: int32 + type: integer + deploymentReplicas: + description: DeploymentReplicas set Replicas for cdi-deployment + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: 'nodeSelector is the node selector applied to the + relevant kind of pods It specifies a map of key-value pairs: + for the pod to be eligible to run on a node, the node must have + each of the indicated key-value pairs as labels (it can have + additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector' + type: object + tolerations: + description: tolerations is a list of tolerations applied to the + relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + for more info. These are additional tolerations other than default + ones. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. 
If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + uploadProxyReplicas: + description: UploadproxyReplicas set Replicas for cdi-uploadproxy + format: int32 + type: integer + type: object + priorityClass: + description: PriorityClass of the CDI control plane + type: string + uninstallStrategy: + description: CDIUninstallStrategy defines the state to leave CDI on + uninstall + enum: + - RemoveWorkloads + - BlockUninstallIfWorkloadsExist + type: string + workload: + description: Restrict on which nodes CDI workload pods will be scheduled properties: affinity: description: affinity enables pod affinity/anti-affinity placement 
@@ -1263,6 +2266,1368 @@ spec: type: object type: array type: object + type: object + status: + description: CDIStatus defines the status of the installation + properties: + conditions: + description: A list of current conditions of the resource + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + observedVersion: + description: The observed version of the resource + type: string + operatorVersion: + description: The version of the resource as defined by the operator + type: string + phase: + description: Phase is the current phase of the deployment + type: string + targetVersion: + description: The desired version of the resource + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: CDI is the CDI Operator CRD + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CDISpec defines our specification for the CDI installation + properties: + certConfig: + description: certificate configuration + properties: + ca: + description: CA configuration CA certs are kept in the CA bundle + as long as they are valid + properties: + duration: + description: The requested 'duration' (i.e. lifetime) of the + Certificate. + type: string + renewBefore: + description: The amount of time before the currently issued + certificate's `notAfter` time that we will begin to attempt + to renew the certificate. + type: string + type: object + server: + description: Server configuration Certs are rotated and discarded + properties: + duration: + description: The requested 'duration' (i.e. lifetime) of the + Certificate. + type: string + renewBefore: + description: The amount of time before the currently issued + certificate's `notAfter` time that we will begin to attempt + to renew the certificate. + type: string + type: object + type: object + cloneStrategyOverride: + description: 'Clone strategy override: should we use a host-assisted + copy even if snapshots are available?' + enum: + - copy + - snapshot + - csi-clone + type: string + config: + description: CDIConfig at CDI level + properties: + dataVolumeTTLSeconds: + description: DataVolumeTTLSeconds is the time in seconds after + DataVolume completion it can be garbage collected. Disabled + by default. + format: int32 + type: integer + featureGates: + description: FeatureGates are a list of specific enabled feature + gates + items: + type: string + type: array + filesystemOverhead: + description: FilesystemOverhead describes the space reserved for + overhead when using Filesystem volumes. 
A value is between 0 + and 1, if not defined it is 0.055 (5.5% overhead) + properties: + global: + description: Global is how much space of a Filesystem volume + should be reserved for overhead. This value is used unless + overridden by a more specific value (per storageClass) + pattern: ^(0(?:\.\d{1,3})?|1)$ + type: string + storageClass: + additionalProperties: + description: 'Percent is a string that can only be a value + between [0,1) (Note: we actually rely on reconcile to + reject invalid values)' + pattern: ^(0(?:\.\d{1,3})?|1)$ + type: string + description: StorageClass specifies how much space of a Filesystem + volume should be reserved for safety. The keys are the storageClass + and the values are the overhead. This value overrides the + global value + type: object + type: object + imagePullSecrets: + description: The imagePullSecrets used to pull the container images + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + importProxy: + description: ImportProxy contains importer pod proxy configuration. + properties: + HTTPProxy: + description: HTTPProxy is the URL http://:@: + of the import proxy for HTTP requests. Empty means unset + and will not result in the import pod env var. + type: string + HTTPSProxy: + description: HTTPSProxy is the URL https://:@: + of the import proxy for HTTPS requests. Empty means unset + and will not result in the import pod env var. + type: string + noProxy: + description: NoProxy is a comma-separated list of hostnames + and/or CIDRs for which the proxy should not be used. Empty + means unset and will not result in the import pod env var. 
+ type: string + trustedCAProxy: + description: "TrustedCAProxy is the name of a ConfigMap in + the cdi namespace that contains a user-provided trusted + certificate authority (CA) bundle. The TrustedCAProxy ConfigMap + is consumed by the DataImportCron controller for creating + cronjobs, and by the import controller referring a copy + of the ConfigMap in the import namespace. Here is an example + of the ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap + metadata: name: my-ca-proxy-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" + type: string + type: object + insecureRegistries: + description: InsecureRegistries is a list of TLS disabled registries + items: + type: string + type: array + logVerbosity: + description: LogVerbosity overrides the default verbosity level + used to initialize loggers + format: int32 + type: integer + podResourceRequirements: + description: ResourceRequirements describes the compute resource + requirements. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + preallocation: + description: Preallocation controls whether storage for DataVolumes + should be allocated in advance. + type: boolean + scratchSpaceStorageClass: + description: 'Override the storage class to used for scratch space + during transfer operations. The scratch space storage class + is determined in the following order: 1. value of scratchSpaceStorageClass, + if that doesn''t exist, use the default storage class, if there + is no default storage class, use the storage class of the DataVolume, + if no storage class specified, use no storage class for scratch + space' + type: string + tlsSecurityProfile: + description: TLSSecurityProfile is used by operators to apply + cluster-wide TLS security settings to operands. 
+ properties: + custom: + description: "custom is a user-defined TLS security profile. + Be extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like + this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + minTLSVersion: TLSv1.1" + nullable: true + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators + may remove entries their operands do not support. For + example, to use DES-CBC3-SHA (yaml): \n ciphers: - + DES-CBC3-SHA" + items: + type: string + type: array + minTLSVersion: + description: "minTLSVersion is used to specify the minimal + version of the TLS protocol that is negotiated during + the TLS handshake. For example, to use TLS versions + 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n + NOTE: currently the highest minTLSVersion allowed is + VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: "intermediate is a TLS security profile based + on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + minTLSVersion: TLSv1.2" + nullable: true + type: object + modern: + description: "modern is a TLS security profile based on: \n + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 
- TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + nullable: true + type: object + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - + ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 + - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA + - DES-CBC3-SHA minTLSVersion: TLSv1.0" + nullable: true + type: object + type: + description: "type is one of Old, Intermediate, Modern or + Custom. Custom provides the ability to specify individual + TLS security profile parameters. Old, Intermediate and Modern + are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over + time as new ciphers are developed and existing ciphers are + found to be insecure. Depending on precisely which ciphers + are available to a process, the list may be reduced. \n + Note that the Modern profile is currently not supported + because it is not yet well adopted by common software libraries." 
+ enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + uploadProxyURLOverride: + description: Override the URL used when uploading to a DataVolume + type: string + type: object + customizeComponents: + description: CustomizeComponents defines patches for components deployed + by the CDI operator. + properties: + flags: + description: Configure the value used for deployment and daemonset + resources + properties: + api: + additionalProperties: + type: string + type: object + controller: + additionalProperties: + type: string + type: object + uploadProxy: + additionalProperties: + type: string + type: object + type: object + patches: + items: + description: CustomizeComponentsPatch defines a patch for some + resource. + properties: + patch: + type: string + resourceName: + minLength: 1 + type: string + resourceType: + minLength: 1 + type: string + type: + description: PatchType defines the patch type. + type: string + required: + - patch + - resourceName + - resourceType + - type + type: object + type: array + x-kubernetes-list-type: atomic + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a container + image + enum: + - Always + - IfNotPresent + - Never + type: string + infra: + description: Selectors and tolerations that should apply to cdi infrastructure + components + properties: + affinity: + description: affinity enables pod affinity/anti-affinity placement + expanding the types of constraints that can be expressed with + nodeSelector. affinity is going to be applied to the relevant + kind of pods in parallel with nodeSelector See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. 
The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + apiServerReplicas: + description: ApiserverReplicas set Replicas for cdi-apiserver + format: int32 + type: integer + deploymentReplicas: + description: DeploymentReplicas set Replicas for cdi-deployment + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: 'nodeSelector is the node selector applied to the + relevant kind of pods It specifies a map of key-value pairs: + for the pod to be eligible to run on a node, the node must have + each of the indicated key-value pairs as labels (it can have + additional labels as well). 
See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector' + type: object + tolerations: + description: tolerations is a list of tolerations applied to the + relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + for more info. These are additional tolerations other than default + ones. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + uploadProxyReplicas: + description: UploadproxyReplicas set Replicas for cdi-uploadproxy + format: int32 + type: integer + type: object priorityClass: description: PriorityClass of the CDI control plane type: string diff --git a/crd/cdi/index.rhai b/crd/cdi/index.rhai index 51f2e8a..aa8c984 100644 --- a/crd/cdi/index.rhai +++ b/crd/cdi/index.rhai @@ -3,7 +3,7 @@ const SRC=src; const DEST=dest; const DOIT=config.apply; const PURGE=config.purge; -const crdFiles=[ +const crdFiles=if config.all {[ "apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_cdiconfigs.cdi.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_dataimportcrons.cdi.kubevirt.io.yaml", @@ -14,7 +14,8 @@ const crdFiles=[ "apiextensions.k8s.io_v1_CustomResourceDefinition_volumeclonesources.cdi.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_volumeimportsources.cdi.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_volumeuploadsources.cdi.kubevirt.io.yaml", -]; +]} else {["apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml"]}; + fn pre_install() { if ! global::DOIT { return; diff --git a/crd/cdi/index.yaml b/crd/cdi/index.yaml index e72200b..5812341 100644 --- a/crd/cdi/index.yaml +++ b/crd/cdi/index.yaml @@ -6,6 +6,11 @@ metadata: name: cdi description: CRD for Containerized Data Importer options: + all: + default: false + examples: + - false + type: boolean apply: default: true examples: diff --git a/crd/kubevirt/apiextensions.k8s.io_v1_CustomResourceDefinition_kubevirts.kubevirt.io.yaml b/crd/kubevirt/apiextensions.k8s.io_v1_CustomResourceDefinition_kubevirts.kubevirt.io.yaml index 5ce6c7f..3a7e18d 100644 --- a/crd/kubevirt/apiextensions.k8s.io_v1_CustomResourceDefinition_kubevirts.kubevirt.io.yaml +++ b/crd/kubevirt/apiextensions.k8s.io_v1_CustomResourceDefinition_kubevirts.kubevirt.io.yaml 
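Review bot: Unless `config.all` is set, `crdFiles` now holds only `apiextensions.k8s.io_v1_CustomResourceDefinition_cdis.cdi.kubevirt.io.yaml`, and index.yaml defaults the option to false, so a default run stops managing the other CDI CRDs in the list (cdiconfigs, dataimportcrons, the volume*sources files and the rest). The conditional opens in the `@@ -3,7 +3,7 @@` hunk and closes in `@@ -14,7 +14,8 @@`, so this note covers both. If the purge path behind `PURGE=config.purge`, which is outside these hunks, treats files missing from `crdFiles` as stale, an upgrade with default options could delete those CRDs, and deleting a CRD removes every custom resource of that kind; please confirm how purge uses the list before merging. I would record the intended ownership above the constant, for example `// config.all=false: only the cdis CRD is applied here; the remaining CDI CRDs are presumably created by the operator (confirm)`. `pre_install` begins in the second hunk and its body continues outside it.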
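Review bot: The new `all` option in index.yaml has no explanation, and the name alone does not say what it selects. Only index.rhai shows that it switches between the full CDI CRD list and the single cdis CRD. A comment above the key would be enough, for example `# all: apply every CDI CRD; false (default) applies only cdis.cdi.kubevirt.io`. Because the default narrows what earlier versions of this package installed, the comment should say so explicitly.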
@@ -2,19 +2,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" + operator.kubevirt.io: "" name: kubevirts.kubevirt.io spec: - conversion: - strategy: None group: kubevirt.io names: categories: - all kind: KubeVirt - listKind: KubeVirtList plural: kubevirts shortNames: - kv @@ -35,14 +30,19 @@ spec: description: KubeVirt represents the object deploying all KubeVirt resources properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,17 +53,18 @@ spec: selfSigned: properties: ca: - description: CA configuration CA certs are kept in the CA - bundle as long as they are valid + description: |- + CA configuration + CA certs are kept in the CA bundle as long as they are valid properties: duration: description: The requested 'duration' (i.e. lifetime) of the Certificate. type: string renewBefore: - description: The amount of time before the currently issued - certificate's "notAfter" time that we will begin to - attempt to renew the certificate. + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. type: string type: object caOverlapInterval: 
@@ -77,37 +78,40 @@ spec: description: Deprecated. Use Server.Duration instead type: string server: - description: Server configuration Certs are rotated and discarded + description: |- + Server configuration + Certs are rotated and discarded properties: duration: description: The requested 'duration' (i.e. lifetime) of the Certificate. type: string renewBefore: - description: The amount of time before the currently issued - certificate's "notAfter" time that we will begin to - attempt to renew the certificate. + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. type: string type: object type: object type: object configuration: - description: holds kubevirt configurations. same as the virt-configMap + description: |- + holds kubevirt configurations. + same as the virt-configMap properties: additionalGuestMemoryOverheadRatio: - description: AdditionalGuestMemoryOverheadRatio can be used to - increase the virtualization infrastructure overhead. This is - useful, since the calculation of this overhead is not accurate - and cannot be entirely known in advance. The ratio that is being - set determines by which factor to increase the overhead calculated - by Kubevirt. A higher ratio means that the VMs would be less - compromised by node pressures, but would mean that fewer VMs - could be scheduled to a node. If not set, the default is 1. + description: |- + AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure + overhead. This is useful, since the calculation of this overhead is not accurate and cannot + be entirely known in advance. The ratio that is being set determines by which factor to increase + the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised + by node pressures, but would mean that fewer VMs could be scheduled to a node. + If not set, the default is 1. 
type: string apiConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects @@ -120,13 +124,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst 
@@ -177,57 +182,59 @@ spec: type: object type: object autoCPULimitNamespaceLabelSelector: - description: When set, AutoCPULimitNamespaceLabelSelector will - set a CPU limit on virt-launcher for VMIs running inside namespaces - that match the label selector. The CPU limit will equal the - number of requested vCPUs. This setting does not apply to VMIs - with dedicated CPUs. + description: |- + When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside + namespaces that match the label selector. + The CPU limit will equal the number of requested vCPUs. + This setting does not apply to VMIs with dedicated CPUs. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic controllerConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects @@ -240,13 +247,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst 
@@ -269,15 +277,14 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: - description: 'For each requested virtual CPU, CPUAllocationRatio - defines how much physical CPU to request per VMI from the - hosting node. The value is in fraction of a CPU thread (or - core on non-hyperthreaded nodes). For example, a value of - 1 means 1 physical CPU thread per VMI CPU thread. A value - of 100 would be 1% of a physical thread allocated for each - requested VMI thread. This option has no effect on VMIs - that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio - Defaults to 10' + description: |- + For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI + from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes). + For example, a value of 1 means 1 physical CPU thread per VMI CPU thread. + A value of 100 would be 1% of a physical thread allocated for each requested VMI thread. + This option has no effect on VMIs that request dedicated CPUs. More information at: + https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10 type: integer diskVerification: description: DiskVerification holds container disks verification 
@@ -320,57 +327,59 @@ spec: type: integer type: object memoryOvercommit: - description: MemoryOvercommit is the percentage of memory - we want to give VMIs compared to the amount given to its - parent pod (virt-launcher). For example, a value of 102 - means the VMI will "see" 2% more memory than its parent - pod. Values under 100 are effectively "undercommits". Overcommits - can lead to memory exhaustion, which in turn can lead to - crashes. Use carefully. Defaults to 100 + description: |- + MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount + given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will + "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits". + Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully. + Defaults to 100 type: integer minimumClusterTSCFrequency: - description: Allow overriding the automatically determined - minimum TSC frequency of the cluster and fixate the minimum - to this frequency. + description: |- + Allow overriding the automatically determined minimum TSC frequency of the cluster + and fixate the minimum to this frequency. format: int64 type: integer minimumReservePVCBytes: - description: MinimumReservePVCBytes is the amount of space, - in bytes, to leave unused on disks. Defaults to 131072 (128KiB) + description: |- + MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks. + Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string - description: NodeSelectors allows restricting VMI creation - to nodes that match a set of labels. Defaults to none + description: |- + NodeSelectors allows restricting VMI creation to nodes that match a set of labels. 
+ Defaults to none type: object pvcTolerateLessSpaceUpToPercent: - description: LessPVCSpaceToleration determines how much smaller, - in percentage, disk PVCs are allowed to be compared to the - requested size (to account for various overheads). Defaults - to 10 + description: |- + LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are + allowed to be compared to the requested size (to account for various overheads). + Defaults to 10 type: integer useEmulation: - description: UseEmulation can be set to true to allow fallback - to software emulation in case hardware-assisted emulation - is not available. Defaults to false + description: |- + UseEmulation can be set to true to allow fallback to software emulation + in case hardware-assisted emulation is not available. Defaults to false type: boolean type: object emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. items: type: string type: array evictionStrategy: - description: EvictionStrategy defines at the cluster level if - the VirtualMachineInstance should be migrated instead of shut-off - in case of a node drain. If the VirtualMachineInstance specific + description: |- + EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be + migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific field is set it overrides the cluster level one. type: string handlerConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects 
@@ -383,13 +392,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst @@ -407,16 +417,16 @@ spec: the enabling the KSM in the nodes (if available). properties: nodeLabelSelector: - description: NodeLabelSelector is a selector that filters - in which nodes the KSM will be enabled. Empty NodeLabelSelector - will enable ksm for every node. + description: |- + NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled. + Empty NodeLabelSelector will enable ksm for every node. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: 
@@ -424,35 +434,36 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object liveUpdateConfiguration: description: LiveUpdateConfiguration holds defaults for live update 
@@ -463,6 +474,25 @@ spec: that can be hotplugged format: int32 type: integer + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest defines the maximum amount memory that can be allocated + to the guest using hotplug. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxHotplugRatio: + description: |- + MaxHotplugRatio is the ratio used to define the max amount + of a hotplug resource that can be made available to a VM + when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest) + Example: VM is configured with 512Mi of guest memory, if MaxGuest is not + defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi + defaults to 4 + format: int32 + type: integer type: object machineType: description: Deprecated. Use architectureConfiguration instead. @@ -502,10 +532,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the vmi to fit on a node. Selector which - must match a node''s labels for the vmi to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object required: - nodeSelector 
@@ -517,90 +547,84 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options. Can - be overridden for specific groups of VMs though migration policies. - Visit https://kubevirt.io/user-guide/operations/migration_policies/ - for more information. + description: |- + MigrationConfiguration holds migration options. + Can be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information. properties: allowAutoConverge: - description: AllowAutoConverge allows the platform to compromise - performance/availability of VMIs to guarantee successful - VMI live migrations. Defaults to false + description: |- + AllowAutoConverge allows the platform to compromise performance/availability of VMIs to + guarantee successful VMI live migrations. Defaults to false type: boolean allowPostCopy: - description: AllowPostCopy enables post-copy live migrations. - Such migrations allow even the busiest VMIs to successfully - live-migrate. However, events like a network failure can - cause a VMI crash. If set to true, migrations will still - start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB - triggers. Defaults to false + description: |- + AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs + to successfully live-migrate. However, events like a network failure can cause a VMI crash. + If set to true, migrations will still start in pre-copy, but switch to post-copy when + CompletionTimeoutPerGiB triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string - description: BandwidthPerMigration limits the amount of network - bandwidth live migrations are allowed to use. The value - is in quantity per second. Defaults to 0 (no limit) + description: |- + BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use. 
+ The value is in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: - description: CompletionTimeoutPerGiB is the maximum number - of seconds per GiB a migration is allowed to take. If a - live-migration takes longer to migrate than this value multiplied - by the size of the VMI, the migration will be cancelled, - unless AllowPostCopy is true. Defaults to 800 + description: |- + CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. + If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, + the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: - description: When set to true, DisableTLS will disable the - additional layer of live migration encryption provided by - KubeVirt. This is usually a bad idea. Defaults to false + description: |- + When set to true, DisableTLS will disable the additional layer of live migration encryption + provided by KubeVirt. This is usually a bad idea. Defaults to false type: boolean matchSELinuxLevelOnMigration: - description: By default, the SELinux level of target virt-launcher - pods is forced to the level of the source virt-launcher. - When set to true, MatchSELinuxLevelOnMigration lets the - CRI auto-assign a random level to the target. That will - ensure the target virt-launcher doesn't share categories - with another pod on the node. However, migrations will fail - when using RWX volumes that don't automatically deal with - SELinux levels. + description: |- + By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher. + When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target. 
+ That will ensure the target virt-launcher doesn't share categories with another pod on the node. + However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels. type: boolean network: - description: Network is the name of the CNI network to use - for live migrations. By default, migrations go through the - pod network. + description: |- + Network is the name of the CNI network to use for live migrations. By default, migrations go + through the pod network. type: string nodeDrainTaintKey: - description: 'NodeDrainTaintKey defines the taint key that - indicates a node should be drained. Note: this option relies - on the deprecated node taint feature. Default: kubevirt.io/drain' + description: |- + NodeDrainTaintKey defines the taint key that indicates a node should be drained. + Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain type: string parallelMigrationsPerCluster: - description: ParallelMigrationsPerCluster is the total number - of concurrent live migrations allowed cluster-wide. Defaults - to 5 + description: |- + ParallelMigrationsPerCluster is the total number of concurrent live migrations + allowed cluster-wide. Defaults to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: - description: ParallelOutboundMigrationsPerNode is the maximum - number of concurrent outgoing live migrations allowed per - node. Defaults to 2 + description: |- + ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations + allowed per node. Defaults to 2 format: int32 type: integer progressTimeout: - description: ProgressTimeout is the maximum number of seconds - a live migration is allowed to make no progress. Hitting - this timeout means a migration transferred 0 data for that - many seconds. The migration is then considered stuck and - therefore cancelled. 
Defaults to 150 + description: |- + ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress. + Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is + then considered stuck and therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: - description: UnsafeMigrationOverride allows live migrations - to occur even if the compatibility check indicates the migration - will be unsafe to the guest. Defaults to false + description: |- + UnsafeMigrationOverride allows live migrations to occur even if the compatibility check + indicates the migration will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: 
@@ -608,11 +632,114 @@ spec: network: description: NetworkConfiguration holds network options properties: + binding: + additionalProperties: + properties: + computeResourceOverhead: + description: |- + ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. + version: v1alphav1 + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. 
Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + domainAttachmentType: + description: |- + DomainAttachmentType is a standard domain network attachment method kubevirt supports. + Supported values: "tap". + The standard domain attachment can be used instead or in addition to the sidecarImage. + version: 1alphav1 + type: string + downwardAPI: + description: |- + DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar. + Supported values: "device-info" + version: v1alphav1 + type: string + migration: + description: |- + Migration means the VM using the plugin can be safely migrated + version: 1alphav1 + properties: + method: + description: |- + Method defines a pre-defined migration methodology + version: 1alphav1 + type: string + type: object + networkAttachmentDefinition: + description: |- + NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. + Format: , /. + If namespace is not specified, VMI namespace is assumed. + version: 1alphav1 + type: string + sidecarImage: + description: |- + SidecarImage references a container image that runs in the virt-launcher pod. + The sidecar handles (libvirt) domain configuration and optional services. + version: 1alphav1 + type: string + type: object + type: object defaultNetworkInterface: type: string permitBridgeInterfaceOnPodNetwork: type: boolean permitSlirpInterface: + description: |- + DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface. + Deprecated: Removed in v1.3. type: boolean type: object obsoleteCPUModels: @@ -620,6 +747,7 @@ spec: type: boolean type: object ovmfPath: + description: Deprecated. Use architectureConfiguration instead. type: string permittedHostDevices: description: PermittedHostDevices holds information about devices 
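Review bot: `sidecarImage` under the new `binding` map is an unconstrained `type: string`, yet its description says the image runs in the virt-launcher pod and handles libvirt domain configuration, so write access to this field decides what code runs next to the guest. The description should state that and recommend a pinned reference, for example `Prefer an image reference pinned by digest; the sidecar runs inside the virt-launcher pod.` The `version:` lines in these descriptions are inconsistent (`v1alphav1` in some, `1alphav1` in others) and should use one spelling. The `Format:` sentence for `networkAttachmentDefinition` also reads as if its placeholders were lost, which is worth checking against the source comment.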
@@ -648,20 +776,19 @@ spec: allowed for passthrough properties: externalResourceProvider: - description: If true, KubeVirt will leave the allocation - and monitoring to an external device plugin + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin type: boolean pciVendorSelector: description: The vendor_id:product_id tuple of the PCI device type: string resourceName: - description: The name of the resource that is representing - the device. Exposed by a device plugin and requested - by VMs. Typically of the form vendor.com/product_nameThe - name of the resource that is representing the device. - Exposed by a device plugin and requested by VMs. Typically - of the form vendor.com/product_name + description: |- + The name of the resource that is representing the device. Exposed by + a device plugin and requested by VMs. Typically of the form + vendor.com/product_name type: string required: - pciVendorSelector @@ -669,6 +796,37 @@ spec: type: object type: array x-kubernetes-list-type: atomic + usb: + items: + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + resourceName: + description: |- + Identifies the list of USB host devices. + e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc + type: string + selectors: + items: + properties: + product: + type: string + vendor: + type: string + required: + - product + - vendor + type: object + type: array + x-kubernetes-list-type: atomic + required: + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic type: object seccompConfiguration: description: SeccompConfiguration holds Seccomp configuration 
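Review bot: The new `usb` list accepts any string for `selectors[].vendor` and `selectors[].product`, including an empty one, and `resourceName` is required but may also be empty. These selectors decide which host USB devices can be passed through to guests, so malformed values are better rejected at admission than interpreted later; `minLength: 1` on `vendor`, `product` and `resourceName` is the smallest check. A hexadecimal `pattern` would be tighter if the IDs are always hex, which this hunk does not confirm. The `usb` items, `selectors`, `vendor` and `product` also carry no `description`, unlike the neighbouring `pciVendorSelector`.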
@@ -720,19 +878,24 @@ spec: resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -749,8 +912,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -759,11 +923,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: @@ -790,12 +954,16 @@ spec: type: array x-kubernetes-list-type: set minTLSVersion: - description: "MinTLSVersion is a way to specify the minimum - protocol version that is acceptable for TLS connections. - Protocol versions are based on the following most common - TLS configurations: \n https://ssl-config.mozilla.org/ - \n Note that SSLv3.0 is not a supported protocol version - due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + description: |- + MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common TLS configurations: + + + https://ssl-config.mozilla.org/ + + + Note that SSLv3.0 is not a supported protocol version due to well known + vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE enum: - VersionTLS10 - VersionTLS11 
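Review bot: The rewritten `minTLSVersion` description still warns only about SSLv3.0, while the enum that follows lists `VersionTLS10` and `VersionTLS11`, both formally deprecated by RFC 8996. Since the text is being touched anyway, add a sentence such as `VersionTLS10 and VersionTLS11 are deprecated (RFC 8996); prefer TLS 1.2 or later.` so operators do not read the enum as a set of equally acceptable choices. The enum continues past the end of the hunk, so the remaining values are not visible here.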
@@ -810,23 +978,36 @@ spec: regarding the virtual machine. properties: disableFreePageReporting: - description: DisableFreePageReporting disable the free page - reporting of memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. - This will have effect only if AutoattachMemBalloon is not - false and the vmi is not requesting any high performance - feature (dedicatedCPU/realtime/hugePages), in which free - page reporting is always disabled. + description: |- + DisableFreePageReporting disable the free page reporting of + memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. + This will have effect only if AutoattachMemBalloon is not false and the vmi is not + requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled. + type: object + disableSerialConsoleLog: + description: |- + DisableSerialConsoleLog disables logging the auto-attached default serial console. + If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'. + The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled. type: object type: object + vmRolloutStrategy: + description: VMRolloutStrategy defines how changes to a VM object + propagate to its VMI + enum: + - Stage + - LiveUpdate + nullable: true + type: string vmStateStorageClass: - description: VMStateStorageClass is the name of the storage class - to use for the PVCs created to preserve VM state, like TPM. + description: |- + VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. The storage class must support RWX in filesystem mode. type: string webhookConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. 
+ description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects @@ -839,13 +1020,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst 
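Review bot: `disableSerialConsoleLog`, like `disableFreePageReporting` above it, is `type: object` with no properties, so the switch is evidently the presence of an empty object, and neither description says so. The new description also states that when the field is unset the serial console is written to a file and streamed from the `guest-console-log` container. Guest console output can include boot-time secrets, so the text should say who can read that stream. Suggested additions are `Set to {} to disable.` and a sentence noting that the log is readable by anyone allowed to read the pod's container logs, to be confirmed against the implementation.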
@@ -900,26 +1082,32 @@ spec: description: The ImagePullPolicy to use. type: string imagePullSecrets: - description: The imagePullSecrets to pull the container images from + description: |- + The imagePullSecrets to pull the container images from Defaults to none items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic imageRegistry: - description: The image registry to pull the container images from - Defaults to the same registry the operator's container image is - pulled from. + description: |- + The image registry to pull the container images from + Defaults to the same registry the operator's container image is pulled from. type: string imageTag: - description: The image tag to use for the continer images installed. + description: |- + The image tag to use for the continer images installed. Defaults to the same tag as the operator's container image. type: string infra: 
@@ -927,38 +1115,36 @@ spec: infrastructure components properties: nodePlacement: - description: nodePlacement describes scheduling configuration - for specific KubeVirt components + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components properties: affinity: - description: affinity enables pod affinity/anti-affinity placement - expanding the types of constraints that can be expressed - with nodeSelector. affinity is going to be applied to the - relevant kind of pods in parallel with nodeSelector See - https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. 
+ description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated 
@@ -968,79 +1154,72 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. 
+ description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the 
@@ -1052,105 +1231,100 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. 
+ description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. 
@@ -1158,19 +1332,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -1181,18 +1352,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -1200,131 +1371,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -1332,161 +1516,179 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules @@ -1494,19 +1696,16 @@ spec: etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -1517,18 +1716,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -1536,131 +1735,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -1668,281 +1880,311 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object nodeSelector: additionalProperties: type: string - description: 'nodeSelector is the node selector applied to - the relevant kind of pods It specifies a map of key-value - pairs: for the pod to be eligible to run on a node, the - node must have each of the indicated key-value pairs as - labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector' + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector type: object tolerations: - description: tolerations is a list of tolerations applied - to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - for more info. These are additional tolerations other than - default ones. + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. + description: |- + Effect indicates the taint effect to match. 
Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. 
+ description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object replicas: - description: 'replicas indicates how many replicas should be created - for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. WARNING: this is an advanced - feature that prevents auto-scaling for core kubevirt components. - Please use with caution!' + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! type: integer type: object monitorAccount: - description: The name of the Prometheus service account that needs - read-access to KubeVirt endpoints Defaults to prometheus-k8s + description: |- + The name of the Prometheus service account that needs read-access to KubeVirt endpoints + Defaults to prometheus-k8s type: string monitorNamespace: - description: The namespace Prometheus is deployed in Defaults to openshift-monitor + description: |- + The namespace Prometheus is deployed in + Defaults to openshift-monitor type: string productComponent: - description: Designate the apps.kubevirt.io/component label for KubeVirt - components. Useful if KubeVirt is included as part of a product. - If ProductComponent is not specified, the component label default - value is kubevirt. + description: |- + Designate the apps.kubevirt.io/component label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductComponent is not specified, the component label default value is kubevirt. type: string productName: - description: Designate the apps.kubevirt.io/part-of label for KubeVirt - components. Useful if KubeVirt is included as part of a product. 
+ description: |- + Designate the apps.kubevirt.io/part-of label for KubeVirt components. + Useful if KubeVirt is included as part of a product. If ProductName is not specified, the part-of label will be omitted. type: string productVersion: - description: Designate the apps.kubevirt.io/version label for KubeVirt - components. Useful if KubeVirt is included as part of a product. + description: |- + Designate the apps.kubevirt.io/version label for KubeVirt components. + Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string serviceMonitorNamespace: - description: The namespace the service monitor will be deployed When - ServiceMonitorNamespace is set, then we'll install the service monitor - object in that namespace otherwise we will use the monitoring namespace. + description: |- + The namespace the service monitor will be deployed + When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace + otherwise we will use the monitoring namespace. type: string uninstallStrategy: - description: Specifies if kubevirt can be deleted if workloads are - still present. This is mainly a precaution to avoid accidental data - loss + description: |- + Specifies if kubevirt can be deleted if workloads are still present. 
+ This is mainly a precaution to avoid accidental data loss type: string workloadUpdateStrategy: - description: WorkloadUpdateStrategy defines at the cluster level how - to handle automated workload updates + description: |- + WorkloadUpdateStrategy defines at the cluster level how to handle + automated workload updates properties: batchEvictionInterval: - description: "BatchEvictionInterval Represents the interval to - wait before issuing the next batch of shutdowns \n Defaults - to 1 minute" + description: |- + BatchEvictionInterval Represents the interval to wait before issuing the next + batch of shutdowns + + + Defaults to 1 minute type: string batchEvictionSize: - description: "BatchEvictionSize Represents the number of VMIs - that can be forced updated per the BatchShutdownInteral interval - \n Defaults to 10" + description: |- + BatchEvictionSize Represents the number of VMIs that can be forced updated per + the BatchShutdownInteral interval + + + Defaults to 10 type: integer workloadUpdateMethods: - description: "WorkloadUpdateMethods defines the methods that can - be used to disrupt workloads during automated workload updates. - When multiple methods are present, the least disruptive method - takes precedence over more disruptive methods. For example if - both LiveMigrate and Shutdown methods are listed, only VMs which - are not live migratable will be restarted/shutdown \n An empty - list defaults to no automated workload updating" + description: |- + WorkloadUpdateMethods defines the methods that can be used to disrupt workloads + during automated workload updates. + When multiple methods are present, the least disruptive method takes + precedence over more disruptive methods. For example if both LiveMigrate and Shutdown + methods are listed, only VMs which are not live migratable will be restarted/shutdown + + + An empty list defaults to no automated workload updating items: type: string type: array 
@@ -1953,38 +2195,36 @@ spec: workloads properties: nodePlacement: - description: nodePlacement describes scheduling configuration - for specific KubeVirt components + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components properties: affinity: - description: affinity enables pod affinity/anti-affinity placement - expanding the types of constraints that can be expressed - with nodeSelector. affinity is going to be applied to the - relevant kind of pods in parallel with nodeSelector See - https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated 
@@ -1994,79 +2234,72 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. 
+ description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the 
@@ -2078,105 +2311,100 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. 
+ description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. 
@@ -2184,19 +2412,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -2207,18 +2432,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -2226,131 +2451,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -2358,161 +2596,179 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules @@ -2520,19 +2776,16 @@ spec: etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -2543,18 +2796,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -2562,131 +2815,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -2694,224 +2960,239 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object nodeSelector: additionalProperties: type: string - description: 'nodeSelector is the node selector applied to - the relevant kind of pods It specifies a map of key-value - pairs: for the pod to be eligible to run on a node, the - node must have each of the indicated key-value pairs as - labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector' + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector type: object tolerations: - description: tolerations is a list of tolerations applied - to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - for more info. These are additional tolerations other than - default ones. + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. + description: |- + Effect indicates the taint effect to match. 
Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. 
+ description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object replicas: - description: 'replicas indicates how many replicas should be created - for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. WARNING: this is an advanced - feature that prevents auto-scaling for core kubevirt components. - Please use with caution!' + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! type: integer type: object type: object 
@@ -3034,14 +3315,19 @@ spec: description: KubeVirt represents the object deploying all KubeVirt resources properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -3052,17 +3338,18 @@ spec: selfSigned: properties: ca: - description: CA configuration CA certs are kept in the CA - bundle as long as they are valid + description: |- + CA configuration + CA certs are kept in the CA bundle as long as they are valid properties: duration: description: The requested 'duration' (i.e. lifetime) of the Certificate. type: string renewBefore: - description: The amount of time before the currently issued - certificate's "notAfter" time that we will begin to - attempt to renew the certificate. + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. type: string type: object caOverlapInterval: 
@@ -3076,37 +3363,40 @@ spec: description: Deprecated. Use Server.Duration instead type: string server: - description: Server configuration Certs are rotated and discarded + description: |- + Server configuration + Certs are rotated and discarded properties: duration: description: The requested 'duration' (i.e. lifetime) of the Certificate. type: string renewBefore: - description: The amount of time before the currently issued - certificate's "notAfter" time that we will begin to - attempt to renew the certificate. + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. type: string type: object type: object type: object configuration: - description: holds kubevirt configurations. same as the virt-configMap + description: |- + holds kubevirt configurations. + same as the virt-configMap properties: additionalGuestMemoryOverheadRatio: - description: AdditionalGuestMemoryOverheadRatio can be used to - increase the virtualization infrastructure overhead. This is - useful, since the calculation of this overhead is not accurate - and cannot be entirely known in advance. The ratio that is being - set determines by which factor to increase the overhead calculated - by Kubevirt. A higher ratio means that the VMs would be less - compromised by node pressures, but would mean that fewer VMs - could be scheduled to a node. If not set, the default is 1. + description: |- + AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure + overhead. This is useful, since the calculation of this overhead is not accurate and cannot + be entirely known in advance. The ratio that is being set determines by which factor to increase + the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised + by node pressures, but would mean that fewer VMs could be scheduled to a node. + If not set, the default is 1. 
type: string apiConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects @@ -3119,13 +3409,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst 
@@ -3176,57 +3467,59 @@ spec: type: object type: object autoCPULimitNamespaceLabelSelector: - description: When set, AutoCPULimitNamespaceLabelSelector will - set a CPU limit on virt-launcher for VMIs running inside namespaces - that match the label selector. The CPU limit will equal the - number of requested vCPUs. This setting does not apply to VMIs - with dedicated CPUs. + description: |- + When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside + namespaces that match the label selector. + The CPU limit will equal the number of requested vCPUs. + This setting does not apply to VMIs with dedicated CPUs. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic controllerConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects @@ -3239,13 +3532,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst 
@@ -3268,15 +3562,14 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: - description: 'For each requested virtual CPU, CPUAllocationRatio - defines how much physical CPU to request per VMI from the - hosting node. The value is in fraction of a CPU thread (or - core on non-hyperthreaded nodes). For example, a value of - 1 means 1 physical CPU thread per VMI CPU thread. A value - of 100 would be 1% of a physical thread allocated for each - requested VMI thread. This option has no effect on VMIs - that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio - Defaults to 10' + description: |- + For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI + from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes). + For example, a value of 1 means 1 physical CPU thread per VMI CPU thread. + A value of 100 would be 1% of a physical thread allocated for each requested VMI thread. + This option has no effect on VMIs that request dedicated CPUs. More information at: + https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10 type: integer diskVerification: description: DiskVerification holds container disks verification 
@@ -3319,57 +3612,59 @@ spec: type: integer type: object memoryOvercommit: - description: MemoryOvercommit is the percentage of memory - we want to give VMIs compared to the amount given to its - parent pod (virt-launcher). For example, a value of 102 - means the VMI will "see" 2% more memory than its parent - pod. Values under 100 are effectively "undercommits". Overcommits - can lead to memory exhaustion, which in turn can lead to - crashes. Use carefully. Defaults to 100 + description: |- + MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount + given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will + "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits". + Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully. + Defaults to 100 type: integer minimumClusterTSCFrequency: - description: Allow overriding the automatically determined - minimum TSC frequency of the cluster and fixate the minimum - to this frequency. + description: |- + Allow overriding the automatically determined minimum TSC frequency of the cluster + and fixate the minimum to this frequency. format: int64 type: integer minimumReservePVCBytes: - description: MinimumReservePVCBytes is the amount of space, - in bytes, to leave unused on disks. Defaults to 131072 (128KiB) + description: |- + MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks. + Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string - description: NodeSelectors allows restricting VMI creation - to nodes that match a set of labels. Defaults to none + description: |- + NodeSelectors allows restricting VMI creation to nodes that match a set of labels. 
+ Defaults to none type: object pvcTolerateLessSpaceUpToPercent: - description: LessPVCSpaceToleration determines how much smaller, - in percentage, disk PVCs are allowed to be compared to the - requested size (to account for various overheads). Defaults - to 10 + description: |- + LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are + allowed to be compared to the requested size (to account for various overheads). + Defaults to 10 type: integer useEmulation: - description: UseEmulation can be set to true to allow fallback - to software emulation in case hardware-assisted emulation - is not available. Defaults to false + description: |- + UseEmulation can be set to true to allow fallback to software emulation + in case hardware-assisted emulation is not available. Defaults to false type: boolean type: object emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. items: type: string type: array evictionStrategy: - description: EvictionStrategy defines at the cluster level if - the VirtualMachineInstance should be migrated instead of shut-off - in case of a node drain. If the VirtualMachineInstance specific + description: |- + EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be + migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific field is set it overrides the cluster level one. type: string handlerConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects 
@@ -3382,13 +3677,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst @@ -3406,16 +3702,16 @@ spec: the enabling the KSM in the nodes (if available). properties: nodeLabelSelector: - description: NodeLabelSelector is a selector that filters - in which nodes the KSM will be enabled. Empty NodeLabelSelector - will enable ksm for every node. + description: |- + NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled. + Empty NodeLabelSelector will enable ksm for every node. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: 
@@ -3423,35 +3719,36 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object liveUpdateConfiguration: description: LiveUpdateConfiguration holds defaults for live update 
@@ -3462,6 +3759,25 @@ spec: that can be hotplugged format: int32 type: integer + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest defines the maximum amount memory that can be allocated + to the guest using hotplug. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxHotplugRatio: + description: |- + MaxHotplugRatio is the ratio used to define the max amount + of a hotplug resource that can be made available to a VM + when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest) + Example: VM is configured with 512Mi of guest memory, if MaxGuest is not + defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi + defaults to 4 + format: int32 + type: integer type: object machineType: description: Deprecated. Use architectureConfiguration instead. @@ -3501,10 +3817,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the vmi to fit on a node. Selector which - must match a node''s labels for the vmi to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object required: - nodeSelector 
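Review bot: `maxHotplugRatio` is added as a bare `type: integer` with `format: int32` and no lower bound, so zero or a negative ratio passes schema validation even though the description uses it as a multiplier that defaults to 4. Adding `minimum: 1` under `maxHotplugRatio` would reject those values at admission instead of leaving them to the controller. The `maxGuest` description also reads "maximum amount memory" where "maximum amount of memory" is meant. If this CRD is generated, both changes belong in the source type's validation markers and doc comment rather than in this file; the enclosing `liveUpdateConfiguration` mapping starts above the hunk.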
@@ -3516,90 +3832,84 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options. Can - be overridden for specific groups of VMs though migration policies. - Visit https://kubevirt.io/user-guide/operations/migration_policies/ - for more information. + description: |- + MigrationConfiguration holds migration options. + Can be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information. properties: allowAutoConverge: - description: AllowAutoConverge allows the platform to compromise - performance/availability of VMIs to guarantee successful - VMI live migrations. Defaults to false + description: |- + AllowAutoConverge allows the platform to compromise performance/availability of VMIs to + guarantee successful VMI live migrations. Defaults to false type: boolean allowPostCopy: - description: AllowPostCopy enables post-copy live migrations. - Such migrations allow even the busiest VMIs to successfully - live-migrate. However, events like a network failure can - cause a VMI crash. If set to true, migrations will still - start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB - triggers. Defaults to false + description: |- + AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs + to successfully live-migrate. However, events like a network failure can cause a VMI crash. + If set to true, migrations will still start in pre-copy, but switch to post-copy when + CompletionTimeoutPerGiB triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string - description: BandwidthPerMigration limits the amount of network - bandwidth live migrations are allowed to use. The value - is in quantity per second. Defaults to 0 (no limit) + description: |- + BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use. 
+ The value is in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: - description: CompletionTimeoutPerGiB is the maximum number - of seconds per GiB a migration is allowed to take. If a - live-migration takes longer to migrate than this value multiplied - by the size of the VMI, the migration will be cancelled, - unless AllowPostCopy is true. Defaults to 800 + description: |- + CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. + If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, + the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: - description: When set to true, DisableTLS will disable the - additional layer of live migration encryption provided by - KubeVirt. This is usually a bad idea. Defaults to false + description: |- + When set to true, DisableTLS will disable the additional layer of live migration encryption + provided by KubeVirt. This is usually a bad idea. Defaults to false type: boolean matchSELinuxLevelOnMigration: - description: By default, the SELinux level of target virt-launcher - pods is forced to the level of the source virt-launcher. - When set to true, MatchSELinuxLevelOnMigration lets the - CRI auto-assign a random level to the target. That will - ensure the target virt-launcher doesn't share categories - with another pod on the node. However, migrations will fail - when using RWX volumes that don't automatically deal with - SELinux levels. + description: |- + By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher. + When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target. 
+ That will ensure the target virt-launcher doesn't share categories with another pod on the node. + However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels. type: boolean network: - description: Network is the name of the CNI network to use - for live migrations. By default, migrations go through the - pod network. + description: |- + Network is the name of the CNI network to use for live migrations. By default, migrations go + through the pod network. type: string nodeDrainTaintKey: - description: 'NodeDrainTaintKey defines the taint key that - indicates a node should be drained. Note: this option relies - on the deprecated node taint feature. Default: kubevirt.io/drain' + description: |- + NodeDrainTaintKey defines the taint key that indicates a node should be drained. + Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain type: string parallelMigrationsPerCluster: - description: ParallelMigrationsPerCluster is the total number - of concurrent live migrations allowed cluster-wide. Defaults - to 5 + description: |- + ParallelMigrationsPerCluster is the total number of concurrent live migrations + allowed cluster-wide. Defaults to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: - description: ParallelOutboundMigrationsPerNode is the maximum - number of concurrent outgoing live migrations allowed per - node. Defaults to 2 + description: |- + ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations + allowed per node. Defaults to 2 format: int32 type: integer progressTimeout: - description: ProgressTimeout is the maximum number of seconds - a live migration is allowed to make no progress. Hitting - this timeout means a migration transferred 0 data for that - many seconds. The migration is then considered stuck and - therefore cancelled. 
Defaults to 150 + description: |- + ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress. + Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is + then considered stuck and therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: - description: UnsafeMigrationOverride allows live migrations - to occur even if the compatibility check indicates the migration - will be unsafe to the guest. Defaults to false + description: |- + UnsafeMigrationOverride allows live migrations to occur even if the compatibility check + indicates the migration will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: 
@@ -3607,11 +3917,114 @@ spec: network: description: NetworkConfiguration holds network options properties: + binding: + additionalProperties: + properties: + computeResourceOverhead: + description: |- + ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. + version: v1alphav1 + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. 
Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + domainAttachmentType: + description: |- + DomainAttachmentType is a standard domain network attachment method kubevirt supports. + Supported values: "tap". + The standard domain attachment can be used instead or in addition to the sidecarImage. + version: 1alphav1 + type: string + downwardAPI: + description: |- + DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar. + Supported values: "device-info" + version: v1alphav1 + type: string + migration: + description: |- + Migration means the VM using the plugin can be safely migrated + version: 1alphav1 + properties: + method: + description: |- + Method defines a pre-defined migration methodology + version: 1alphav1 + type: string + type: object + networkAttachmentDefinition: + description: |- + NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. + Format: , /. + If namespace is not specified, VMI namespace is assumed. + version: 1alphav1 + type: string + sidecarImage: + description: |- + SidecarImage references a container image that runs in the virt-launcher pod. + The sidecar handles (libvirt) domain configuration and optional services. + version: 1alphav1 + type: string + type: object + type: object defaultNetworkInterface: type: string permitBridgeInterfaceOnPodNetwork: type: boolean permitSlirpInterface: + description: |- + DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface. + Deprecated: Removed in v1.3. type: boolean type: object obsoleteCPUModels: @@ -3619,6 +4032,7 @@ spec: type: boolean type: object ovmfPath: + description: Deprecated. Use architectureConfiguration instead. type: string permittedHostDevices: description: PermittedHostDevices holds information about devices 
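Review bot: In the new `binding` schema, `domainAttachmentType` and `downwardAPI` state their supported values ("tap" and "device-info") only in the description, so the API server accepts any string for them. An `enum` on each (`enum: [tap]` and `enum: [device-info]`) would enforce what the text promises. `sidecarImage` is likewise an unconstrained string naming an image that runs in the virt-launcher pod, so write access to this resource decides which image runs alongside VMs that use the binding; that calls for tight RBAC on the resource and an admission policy that restricts registries or requires digests. Several of the added descriptions also end in a stray `version: v1alphav1` or `version: 1alphav1` line, which looks like a source comment that leaked into the user-facing text and is spelled inconsistently.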
@@ -3647,20 +4061,19 @@ spec: allowed for passthrough properties: externalResourceProvider: - description: If true, KubeVirt will leave the allocation - and monitoring to an external device plugin + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin type: boolean pciVendorSelector: description: The vendor_id:product_id tuple of the PCI device type: string resourceName: - description: The name of the resource that is representing - the device. Exposed by a device plugin and requested - by VMs. Typically of the form vendor.com/product_nameThe - name of the resource that is representing the device. - Exposed by a device plugin and requested by VMs. Typically - of the form vendor.com/product_name + description: |- + The name of the resource that is representing the device. Exposed by + a device plugin and requested by VMs. Typically of the form + vendor.com/product_name type: string required: - pciVendorSelector @@ -3668,6 +4081,37 @@ spec: type: object type: array x-kubernetes-list-type: atomic + usb: + items: + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + resourceName: + description: |- + Identifies the list of USB host devices. + e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc + type: string + selectors: + items: + properties: + product: + type: string + vendor: + type: string + required: + - product + - vendor + type: object + type: array + x-kubernetes-list-type: atomic + required: + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic type: object seccompConfiguration: description: SeccompConfiguration holds Seccomp configuration 
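Review bot: The new `usb` entries require only `resourceName`, `selectors` has no `minItems`, and `vendor` and `product` are free-form strings, so an allow-list entry with no selectors or with malformed IDs passes validation. The PCI entries earlier in this section list `pciVendorSelector` under `required`, and the USB list would be more consistent with them if it added `- selectors` to `required` and `minItems: 1`, unless entries with `externalResourceProvider: true` are meant to omit selectors. If the IDs are always four hex digits (to be confirmed against the consumer), a `pattern` such as `^[0-9a-fA-F]{4}$` on `vendor` and `product` would catch typos in what is a host-device passthrough allow-list. The `usb`, `selectors`, `vendor` and `product` nodes also carry no `description`.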
@@ -3719,19 +4163,24 @@ spec: resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -3748,8 +4197,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -3758,11 +4208,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: @@ -3789,12 +4239,16 @@ spec: type: array x-kubernetes-list-type: set minTLSVersion: - description: "MinTLSVersion is a way to specify the minimum - protocol version that is acceptable for TLS connections. - Protocol versions are based on the following most common - TLS configurations: \n https://ssl-config.mozilla.org/ - \n Note that SSLv3.0 is not a supported protocol version - due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + description: |- + MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common TLS configurations: + + + https://ssl-config.mozilla.org/ + + + Note that SSLv3.0 is not a supported protocol version due to well known + vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE enum: - VersionTLS10 - VersionTLS11 
@@ -3809,23 +4263,36 @@ spec: regarding the virtual machine. properties: disableFreePageReporting: - description: DisableFreePageReporting disable the free page - reporting of memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. - This will have effect only if AutoattachMemBalloon is not - false and the vmi is not requesting any high performance - feature (dedicatedCPU/realtime/hugePages), in which free - page reporting is always disabled. + description: |- + DisableFreePageReporting disable the free page reporting of + memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. + This will have effect only if AutoattachMemBalloon is not false and the vmi is not + requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled. + type: object + disableSerialConsoleLog: + description: |- + DisableSerialConsoleLog disables logging the auto-attached default serial console. + If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'. + The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled. type: object type: object + vmRolloutStrategy: + description: VMRolloutStrategy defines how changes to a VM object + propagate to its VMI + enum: + - Stage + - LiveUpdate + nullable: true + type: string vmStateStorageClass: - description: VMStateStorageClass is the name of the storage class - to use for the PVCs created to preserve VM state, like TPM. + description: |- + VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. The storage class must support RWX in filesystem mode. type: string webhookConfiguration: - description: ReloadableComponentConfiguration holds all generic - k8s configuration options which can be reloaded by components - without requiring a restart. 
+ description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. properties: restClient: description: RestClient can be used to tune certain aspects @@ -3838,13 +4305,14 @@ spec: tokenBucketRateLimiter: properties: burst: - description: Maximum burst for throttle. If it's - zero, the component default will be used + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used type: integer qps: - description: QPS indicates the maximum QPS to - the apiserver from this client. If it's zero, - the component default will be used + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used type: number required: - burst 
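Review bot: The `disableSerialConsoleLog` description says that, when the field is unset, the guest serial console is written to a file and streamed from a container named 'guest-console-log', but it does not say who can read the result. Console output can include boot messages and anything printed on the guest console, and if that container streams to its standard output the text would be readable by anyone allowed to fetch pod logs in the VM's namespace. I would add a sentence to the description along the lines of `Console output may contain sensitive guest data and is exposed through the pod's logs.` after confirming how the container emits it. Both this field and `disableFreePageReporting` are declared `type: object` although the text describes on/off switches; presumably the presence of an empty object is the switch, and the description should say so.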
@@ -3899,26 +4367,32 @@ spec: description: The ImagePullPolicy to use. type: string imagePullSecrets: - description: The imagePullSecrets to pull the container images from + description: |- + The imagePullSecrets to pull the container images from Defaults to none items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic imageRegistry: - description: The image registry to pull the container images from - Defaults to the same registry the operator's container image is - pulled from. + description: |- + The image registry to pull the container images from + Defaults to the same registry the operator's container image is pulled from. type: string imageTag: - description: The image tag to use for the continer images installed. + description: |- + The image tag to use for the continer images installed. Defaults to the same tag as the operator's container image. type: string infra: 
@@ -3926,38 +4400,36 @@ spec: infrastructure components properties: nodePlacement: - description: nodePlacement describes scheduling configuration - for specific KubeVirt components + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components properties: affinity: - description: affinity enables pod affinity/anti-affinity placement - expanding the types of constraints that can be expressed - with nodeSelector. affinity is going to be applied to the - relevant kind of pods in parallel with nodeSelector See - https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. 
+ description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated 
@@ -3967,79 +4439,72 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. 
+ description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the 
@@ -4051,105 +4516,100 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. 
+ description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. 
@@ -4157,19 +4617,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -4180,18 +4637,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -4199,131 +4656,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -4331,161 +4801,179 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules @@ -4493,19 +4981,16 @@ spec: etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -4516,18 +5001,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -4535,131 +5020,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -4667,281 +5165,311 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object nodeSelector: additionalProperties: type: string - description: 'nodeSelector is the node selector applied to - the relevant kind of pods It specifies a map of key-value - pairs: for the pod to be eligible to run on a node, the - node must have each of the indicated key-value pairs as - labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector' + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector type: object tolerations: - description: tolerations is a list of tolerations applied - to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - for more info. These are additional tolerations other than - default ones. + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. + description: |- + Effect indicates the taint effect to match. 
Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. 
+ description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object replicas: - description: 'replicas indicates how many replicas should be created - for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. WARNING: this is an advanced - feature that prevents auto-scaling for core kubevirt components. - Please use with caution!' + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! type: integer type: object monitorAccount: - description: The name of the Prometheus service account that needs - read-access to KubeVirt endpoints Defaults to prometheus-k8s + description: |- + The name of the Prometheus service account that needs read-access to KubeVirt endpoints + Defaults to prometheus-k8s type: string monitorNamespace: - description: The namespace Prometheus is deployed in Defaults to openshift-monitor + description: |- + The namespace Prometheus is deployed in + Defaults to openshift-monitor type: string productComponent: - description: Designate the apps.kubevirt.io/component label for KubeVirt - components. Useful if KubeVirt is included as part of a product. - If ProductComponent is not specified, the component label default - value is kubevirt. + description: |- + Designate the apps.kubevirt.io/component label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductComponent is not specified, the component label default value is kubevirt. type: string productName: - description: Designate the apps.kubevirt.io/part-of label for KubeVirt - components. Useful if KubeVirt is included as part of a product. 
+ description: |- + Designate the apps.kubevirt.io/part-of label for KubeVirt components. + Useful if KubeVirt is included as part of a product. If ProductName is not specified, the part-of label will be omitted. type: string productVersion: - description: Designate the apps.kubevirt.io/version label for KubeVirt - components. Useful if KubeVirt is included as part of a product. + description: |- + Designate the apps.kubevirt.io/version label for KubeVirt components. + Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string serviceMonitorNamespace: - description: The namespace the service monitor will be deployed When - ServiceMonitorNamespace is set, then we'll install the service monitor - object in that namespace otherwise we will use the monitoring namespace. + description: |- + The namespace the service monitor will be deployed + When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace + otherwise we will use the monitoring namespace. type: string uninstallStrategy: - description: Specifies if kubevirt can be deleted if workloads are - still present. This is mainly a precaution to avoid accidental data - loss + description: |- + Specifies if kubevirt can be deleted if workloads are still present. 
+ This is mainly a precaution to avoid accidental data loss type: string workloadUpdateStrategy: - description: WorkloadUpdateStrategy defines at the cluster level how - to handle automated workload updates + description: |- + WorkloadUpdateStrategy defines at the cluster level how to handle + automated workload updates properties: batchEvictionInterval: - description: "BatchEvictionInterval Represents the interval to - wait before issuing the next batch of shutdowns \n Defaults - to 1 minute" + description: |- + BatchEvictionInterval Represents the interval to wait before issuing the next + batch of shutdowns + + + Defaults to 1 minute type: string batchEvictionSize: - description: "BatchEvictionSize Represents the number of VMIs - that can be forced updated per the BatchShutdownInteral interval - \n Defaults to 10" + description: |- + BatchEvictionSize Represents the number of VMIs that can be forced updated per + the BatchShutdownInteral interval + + + Defaults to 10 type: integer workloadUpdateMethods: - description: "WorkloadUpdateMethods defines the methods that can - be used to disrupt workloads during automated workload updates. - When multiple methods are present, the least disruptive method - takes precedence over more disruptive methods. For example if - both LiveMigrate and Shutdown methods are listed, only VMs which - are not live migratable will be restarted/shutdown \n An empty - list defaults to no automated workload updating" + description: |- + WorkloadUpdateMethods defines the methods that can be used to disrupt workloads + during automated workload updates. + When multiple methods are present, the least disruptive method takes + precedence over more disruptive methods. For example if both LiveMigrate and Shutdown + methods are listed, only VMs which are not live migratable will be restarted/shutdown + + + An empty list defaults to no automated workload updating items: type: string type: array 
@@ -4952,38 +5480,36 @@ spec: workloads properties: nodePlacement: - description: nodePlacement describes scheduling configuration - for specific KubeVirt components + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components properties: affinity: - description: affinity enables pod affinity/anti-affinity placement - expanding the types of constraints that can be expressed - with nodeSelector. affinity is going to be applied to the - relevant kind of pods in parallel with nodeSelector See - https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated 
@@ -4993,79 +5519,72 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. 
+ description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the 
@@ -5077,105 +5596,100 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. 
+ description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. 
@@ -5183,19 +5697,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -5206,18 +5717,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -5225,131 +5736,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -5357,161 +5881,179 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules @@ -5519,19 +6061,16 @@ spec: etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred 
@@ -5542,18 +6081,18 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -5561,131 +6100,144 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". 
An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -5693,224 +6245,239 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. 
If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. 
type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object nodeSelector: additionalProperties: type: string - description: 'nodeSelector is the node selector applied to - the relevant kind of pods It specifies a map of key-value - pairs: for the pod to be eligible to run on a node, the - node must have each of the indicated key-value pairs as - labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector' + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector type: object tolerations: - description: tolerations is a list of tolerations applied - to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - for more info. These are additional tolerations other than - default ones. + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. + description: |- + Effect indicates the taint effect to match. 
Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. 
+ description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object replicas: - description: 'replicas indicates how many replicas should be created - for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. WARNING: this is an advanced - feature that prevents auto-scaling for core kubevirt components. - Please use with caution!' + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! type: integer type: object type: object diff --git a/crd/kubevirt/index.rhai b/crd/kubevirt/index.rhai index 0a78916..d98d4d3 100644 --- a/crd/kubevirt/index.rhai +++ b/crd/kubevirt/index.rhai @@ -1,9 +1,8 @@ -const VERSION="3.5.5"; const SRC=src; const DEST=dest; const DOIT=config.apply; const PURGE=config.purge; -const crdFiles=[ +const crdFiles=if config.all {[ "apiextensions.k8s.io_v1_CustomResourceDefinition_kubevirts.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_migrationpolicies.migrations.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_virtualmachineclones.clone.kubevirt.io.yaml", @@ -21,7 +20,7 @@ const crdFiles=[ "apiextensions.k8s.io_v1_CustomResourceDefinition_virtualmachines.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_virtualmachinesnapshotcontents.snapshot.kubevirt.io.yaml", "apiextensions.k8s.io_v1_CustomResourceDefinition_virtualmachinesnapshots.snapshot.kubevirt.io.yaml", -]; +]} else {["apiextensions.k8s.io_v1_CustomResourceDefinition_kubevirts.kubevirt.io.yaml"]}; fn pre_install() { if ! global::DOIT { return; 
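Review bot: With `config.all` false, `crdFiles` in crd/kubevirt/index.rhai shrinks to the single kubevirts.kubevirt.io file, and nothing in the hunk records who owns the other CRDs from then on. If post_destroy walks the same list that pre_install does (its body is outside the hunk), an install applied with the full list and later purged with `all` unset would leave the remaining CRDs, and every object stored under them, in the cluster. A comment above the constant would record the intent, e.g. `// all=false: only kubevirts.kubevirt.io is applied and purged here; the other CRDs are not managed by this component`.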
diff --git a/crd/kubevirt/index.yaml b/crd/kubevirt/index.yaml index 856ce9c..e70b5bc 100644 --- a/crd/kubevirt/index.yaml +++ b/crd/kubevirt/index.yaml @@ -6,6 +6,11 @@ metadata: name: kubevirt description: CRD for kube-virt options: + all: + default: false + examples: + - false + type: boolean apply: default: true examples: diff --git a/crd/multus/apiextensions.k8s.io_v1_CustomResourceDefinition_network-attachment-definitions.k8s.cni.cncf.io.yaml b/crd/multus/apiextensions.k8s.io_v1_CustomResourceDefinition_network-attachment-definitions.k8s.cni.cncf.io.yaml new file mode 100644 index 0000000..846a701 --- /dev/null +++ b/crd/multus/apiextensions.k8s.io_v1_CustomResourceDefinition_network-attachment-definitions.k8s.cni.cncf.io.yaml 
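Review bot: The new `all` option in crd/kubevirt/index.yaml carries no `description`, although its default of `false` narrows the set of CRDs that index.rhai applies on the next run of an existing install. A line such as `description: Apply every KubeVirt CRD shipped with this component instead of only kubevirts.kubevirt.io` would make that visible to whoever edits the options, in the way `bin_dir` is described in virt/bridges/index.yaml. The `options` mapping continues outside the hunk.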
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string \ No newline at end of file diff --git a/crd/multus/datas.tf b/crd/multus/datas.tf new file mode 100644 index 0000000..3fdb671 --- /dev/null +++ b/crd/multus/datas.tf 
@@ -0,0 +1,17 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
+data "kustomization_overlay" "data" {
+ common_labels = local.common-labels
+ namespace = var.namespace
+ resources = []
+}
diff --git a/crd/multus/index.rhai b/crd/multus/index.rhai
new file mode 100644
index 0000000..be6a962
--- /dev/null
+++ b/crd/multus/index.rhai
@@ -0,0 +1,21 @@
+const SRC=src;
+const DEST=dest;
+const DOIT=config.apply;
+const PURGE=config.purge;
+const crdFiles=["apiextensions.k8s.io_v1_CustomResourceDefinition_network-attachment-definitions.k8s.cni.cncf.io.yaml"];
+fn pre_install() {
+ if ! global::DOIT {
+ return;
+ }
+ for file in global::crdFiles {
+ shell(`kubectl replace -f ${global::SRC}/${file} || kubectl create -f ${global::SRC}/${file}`);
+ }
+}
+fn post_destroy() {
+ if ! global::PURGE {
+ return;
+ }
+ for file in global::crdFiles {
+ shell(`kubectl delete -f ${global::SRC}/${file}`);
+ }
+}
diff --git a/crd/multus/index.yaml b/crd/multus/index.yaml
new file mode 100644
index 0000000..3a26b06
--- /dev/null
+++ b/crd/multus/index.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: crd
+metadata:
+ name: multus
+ description: CRD for multus
+options:
+ apply:
+ default: true
+ examples:
+ - true
+ type: boolean
+ purge:
+ default: false
+ examples:
+ - false
+ type: boolean
+dependencies: []
+providers: null
+tfaddtype: null
diff --git a/crd/whereabouts/index.rhai b/crd/whereabouts/index.rhai
index cbcb4b2..2d1225b 100644
--- a/crd/whereabouts/index.rhai
+++ b/crd/whereabouts/index.rhai
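Review bot: Both shell commands in crd/multus/index.rhai interpolate `${global::SRC}/${file}` unquoted, so a source directory containing whitespace or shell metacharacters changes what the shell executes; quoting the argument is cheap, e.g. `kubectl delete -f "${global::SRC}/${file}"`. The `kubectl replace ... || kubectl create ...` fallback in pre_install also runs create after any replace failure, not only a missing object, so a rejected schema surfaces as an unrelated "already exists" error. `kubectl apply --server-side -f "${global::SRC}/${file}"` would express the same create-or-update intent in one call, if the kubectl and cluster versions in use support it.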
@@ -1,4 +1,4 @@ -const VERSION="0.6.3"; +const VERSION="0.7.0"; const SRC=src; const DEST=dest; const DOIT=config.apply; diff --git a/dbo/minio/common.tf b/dbo/minio/common.tf new file mode 100644 index 0000000..ef3c93f --- /dev/null +++ b/dbo/minio/common.tf @@ -0,0 +1,12 @@ + +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } +} diff --git a/dbo/minio/index.yaml b/dbo/minio/index.yaml new file mode 100644 index 0000000..e9fd28b --- /dev/null +++ b/dbo/minio/index.yaml 
@@ -0,0 +1,115 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: dbo
+metadata:
+ name: minio
+ description: null
+options:
+ app-group:
+ default: infra
+ examples:
+ - infra
+ type: string
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
+ images:
+ default:
+ operator:
+ pullPolicy: IfNotPresent
+ registry: docker.io
+ repository: to-be/defined
+ tag: v1.0.0
+ examples:
+ - operator:
+ pullPolicy: IfNotPresent
+ registry: docker.io
+ repository: to-be/defined
+ tag: v1.0.0
+ properties:
+ operator:
+ default:
+ pullPolicy: IfNotPresent
+ registry: docker.io
+ repository: to-be/defined
+ tag: v1.0.0
+ properties:
+ pullPolicy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: docker.io
+ type: string
+ repository:
+ default: to-be/defined
+ type: string
+ tag:
+ default: v1.0.0
+ type: string
+ type: object
+ type: object
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ storage:
+ default:
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ type: Filesystem
+ examples:
+ - accessMode: ReadWriteOnce
+ size: 1Gi
+ type: Filesystem
+ properties:
+ accessMode:
+ default: ReadWriteOnce
+ enum:
+ - ReadWriteOnce
+ - ReadOnlyMany
+ - ReadWriteMany
+ type: string
+ size:
+ default: 1Gi
+ type: string
+ type:
+ default: Filesystem
+ enum:
+ - Filesystem
+ - Block
+ type: string
+ type: object
+ sub-domain:
+ default: to-be-set
+ examples:
+ - to-be-set
+ type: string
+dependencies: []
+providers:
+ kubernetes: true
+ authentik: true
+ kubectl: true
+ postgresql: null
+ mysql: null
+ restapi: null
+ http: null
+ gitea: null
+tfaddtype: null
diff --git a/meta/addons/common.tf b/meta/addons/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
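Review bot: The default operator image in dbo/minio/index.yaml resolves to `docker.io/to-be/defined:v1.0.0` (assuming the fields are joined in the usual registry/repository:tag form), a public-registry namespace this project does not appear to control, so an install that keeps the defaults would pull whatever is published under that name. Removing the placeholder `default` from `repository`, or pointing it at the real operator image, makes an unset value fail instead of resolving. `description: null` and the `domain-name` default `your_company.com` (an underscore is not valid in a hostname) look like template leftovers as well.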
+++ b/meta/addons/common.tf @@ -0,0 +1,12 @@ + +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } +} diff --git a/meta/addons/crds.tf b/meta/addons/crds.tf index a93ac4a..99f97a6 100644 --- a/meta/addons/crds.tf +++ b/meta/addons/crds.tf @@ -20,6 +20,7 @@ locals { crd-tekton_triggers = { for k, v in var.crds.tekton_triggers : k => v if k!="enable" } crd-kubevirt = { for k, v in var.crds.kubevirt : k => v if k!="enable" } crd-cdi = { for k, v in var.crds.cdi : k => v if k!="enable" } + crd-multus = { for k, v in var.crds.multus : k => v if k!="enable" } } resource "kubectl_manifest" "crd-kubevirt" { @@ -56,6 +57,23 @@ resource "kubectl_manifest" "crd-cdi" { EOF } +resource "kubectl_manifest" "crd-multus" { + count = (var.crds.multus.enable || var.virt.enable && var.virt.multus.enable) ? 1 : 0 + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "crd-multus" + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.component}" + category: "crd" + component: "multus" + options: ${jsonencode(local.crd-multus)} + EOF +} + resource "kubectl_manifest" "crd-tekton_pipelines" { count = (var.crds.tekton_pipelines.enable || var.tekton.enable && var.tekton.tekton_pipelines.enable) ? 1 : 0 yaml_body = <<-EOF @@ -278,7 +296,7 @@ resource "kubectl_manifest" "crd-argo-workflows" { } resource "kubectl_manifest" "crd-whereabouts" { - count = (var.crds.whereabouts.enable ) ? 1 : 0 + count = (var.crds.whereabouts.enable || var.virt.enable && var.virt.whereabouts.enable ) ? 1 : 0 yaml_body = <<-EOF apiVersion: "vynil.solidite.fr/v1" kind: "Install" 
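Review bot: In the new `crd-multus` resource of meta/addons/crds.tf, `namespace: "${var.namespace}"` and `distrib: "${var.component}"` are spliced into the YAML heredoc as raw text, while `labels` and `options` in the same body go through `jsonencode`. A value containing a double quote or a newline would end the scalar and add keys to the generated manifest; encoding the scalars the same way closes that off: `namespace: ${jsonencode(var.namespace)}` and `distrib: ${jsonencode(var.component)}`. The `bridges`, `multus` and `whereabouts` resources added in meta/addons/virt.tf interpolate `var.virt.namespace` the same way. In both changed `count` expressions, parentheses around the `var.virt.enable && ...` term would make the intended precedence explicit.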
diff --git a/meta/addons/index.yaml b/meta/addons/index.yaml index 22c5b34..8908c92 100644 --- a/meta/addons/index.yaml +++ b/meta/addons/index.yaml 
@@ -6,153 +6,6 @@ metadata: name: addons description: addons meta-component installing all the addons components options: -<<<<<<< HEAD -======= - olm: - default: - enable: false - namespace: olm - examples: - - enable: false - namespace: olm - properties: - enable: - default: false - type: boolean - namespace: - default: olm - type: string - type: object - flux: - default: - enable: false - namespace: flux - examples: - - enable: false - namespace: flux - properties: - enable: - default: false - type: boolean - namespace: - default: flux - type: string - type: object - tools: - default: - keda: - enable: false - namespace: vynil-addons - node_problem_detector: - enable: false - examples: - - keda: - enable: false - namespace: vynil-addons - node_problem_detector: - enable: false - properties: - keda: - default: - enable: false - properties: - enable: - default: false - type: boolean - type: object - namespace: - default: vynil-addons - type: string - node_problem_detector: - default: - enable: false - properties: - enable: - default: false - type: boolean - type: object - type: object - monitor: - default: - jaeger: - enable: false - namespace: vynil-monitor - opentelemetry: - enable: false - prometheus: - enable: true - examples: - - jaeger: - enable: false - namespace: vynil-monitor - opentelemetry: - enable: false - prometheus: - enable: true - properties: - jaeger: - default: - enable: false - properties: - enable: - default: false - type: boolean - type: object - namespace: - default: vynil-monitor - type: string - opentelemetry: - default: - enable: false - properties: - enable: - default: false - type: boolean - type: object - prometheus: - default: - enable: true - properties: - enable: - default: true - type: boolean - type: object - type: object - tekton: - default: - namespace: tekton - tekton_pipelines: - enable: false - tekton_triggers: - enable: false - examples: - - namespace: tekton - tekton_pipelines: - enable: false - tekton_triggers: - enable: 
false - properties: - namespace: - default: tekton - type: string - tekton_pipelines: - default: - enable: false - properties: - enable: - default: false - type: boolean - type: object - tekton_triggers: - default: - enable: false - properties: - enable: - default: false - type: boolean - type: object - type: object ->>>>>>> e51ed83 (Disable olm and flux by default) crds: default: argo-cd: @@ -175,6 +28,8 @@ options: enable: false minio: enable: false + multus: + enable: false olm: enable: false opentelemetry: @@ -210,6 +65,8 @@ options: enable: false minio: enable: false + multus: + enable: false olm: enable: false opentelemetry: @@ -305,6 +162,14 @@ options: default: false type: boolean type: object + multus: + default: + enable: false + properties: + enable: + default: false + type: boolean + type: object olm: default: enable: false @@ -362,7 +227,6 @@ options: type: boolean type: object type: object -<<<<<<< HEAD fission: default: enable: false @@ -529,20 +393,40 @@ options: type: object virt: default: + bridges: + enable: true cdi: enable: true enable: false kubevirt: enable: true + multus: + enable: true namespace: vynil-virt + whereabouts: + enable: true examples: - - cdi: + - bridges: + enable: true + cdi: enable: true enable: false kubevirt: enable: true + multus: + enable: true namespace: vynil-virt + whereabouts: + enable: true properties: + bridges: + default: + enable: true + properties: + enable: + default: true + type: boolean + type: object cdi: default: enable: true @@ -562,12 +446,26 @@ options: default: true type: boolean type: object + multus: + default: + enable: true + properties: + enable: + default: true + type: boolean + type: object namespace: default: vynil-virt type: string + whereabouts: + default: + enable: true + properties: + enable: + default: true + type: boolean + type: object type: object -======= ->>>>>>> e51ed83 (Disable olm and flux by default) dependencies: [] providers: kubernetes: true 
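Review bot: The three new `virt` sub-options in meta/addons/index.yaml (`bridges`, `multus`, `whereabouts`) default to `enable: true`, so setting `virt.enable` alone now also deploys node-level networking components; virt/bridges/index.yaml shows the bridge component taking a host CNI binary directory. The same flags switch on the `crd-multus` and `crd-whereabouts` installs in meta/addons/crds.tf. If these are meant to be opt-in, `default: false` on each `enable` (and the matching entries in the `default:` and `examples:` blocks) keeps what `virt.enable` installs today. `cdi` and `kubevirt` already default to true, so this may be deliberate; a `description` on each sub-option would record that.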
diff --git a/meta/addons/virt.tf b/meta/addons/virt.tf index 429acf9..caf9d10 100644 --- a/meta/addons/virt.tf +++ b/meta/addons/virt.tf @@ -1,10 +1,13 @@ locals { cdi = { for k, v in var.virt.cdi : k => v if k!="enable" } kubevirt = { for k, v in var.virt.kubevirt : k => v if k!="enable" } + bridges = { for k, v in var.virt.bridges : k => v if k!="enable" } + multus = { for k, v in var.virt.multus : k => v if k!="enable" } + whereabouts = { for k, v in var.virt.whereabouts : k => v if k!="enable" } } resource "kubernetes_namespace_v1" "virt-ns" { - count = var.virt.enable && ( var.virt.cdi.enable || var.virt.kubevirt.enable)? 1 : 0 + count = var.virt.enable && ( var.virt.bridges.enable || var.virt.multus.enable || var.virt.whereabouts.enable || var.virt.cdi.enable || var.virt.kubevirt.enable)? 1 : 0 metadata { annotations = local.annotations labels = local.common-labels 
@@ -30,6 +33,60 @@ resource "kubectl_manifest" "cdi" { EOF } +resource "kubectl_manifest" "bridges" { + count = var.virt.enable && var.virt.bridges.enable ? 1 : 0 + depends_on = [kubernetes_namespace_v1.virt-ns] + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "bridges" + namespace: "${var.virt.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.component}" + category: "virt" + component: "bridges" + options: ${jsonencode(local.bridges)} + EOF +} + +resource "kubectl_manifest" "multus" { + count = var.virt.enable && var.virt.multus.enable ? 1 : 0 + depends_on = [kubernetes_namespace_v1.virt-ns] + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "multus" + namespace: "${var.virt.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.component}" + category: "virt" + component: "multus" + options: ${jsonencode(local.multus)} + EOF +} + +resource "kubectl_manifest" "whereabouts" { + count = var.virt.enable && var.virt.whereabouts.enable ? 1 : 0 + depends_on = [kubernetes_namespace_v1.virt-ns] + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "whereabouts" + namespace: "${var.virt.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.component}" + category: "virt" + component: "whereabouts" + options: ${jsonencode(local.whereabouts)} + EOF +} + resource "kubectl_manifest" "kubevirt" { count = var.virt.enable && var.virt.kubevirt.enable ? 1 : 0 depends_on = [kubernetes_namespace_v1.virt-ns] diff --git a/virt/bridges/common.tf b/virt/bridges/common.tf new file mode 100644 index 0000000..ef3c93f --- /dev/null +++ b/virt/bridges/common.tf 
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/virt/bridges/index.yaml b/virt/bridges/index.yaml
new file mode 100644
index 0000000..20f4cd9
--- /dev/null
+++ b/virt/bridges/index.yaml
@@ -0,0 +1,103 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: virt
+metadata:
+ name: bridges
+ description: Bridge CNI plugin and associated devices marker
+options:
+ cni:
+ default:
+ bin_dir: /opt/cni/bin
+ examples:
+ - bin_dir: /opt/cni/bin
+ properties:
+ bin_dir:
+ default: /opt/cni/bin
+ description: use /var/lib/rancher/k3s/data/current/bin for k3s
+ type: string
+ type: object
+ images:
+ default:
+ marker:
+ pull_policy: IfNotPresent
+ registry: quay.io
+ repository: kubevirt/bridge-marker
+ tag: 0.11.1
+ plugin:
+ pull_policy: IfNotPresent
+ registry: quay.io
+ repository: kubevirt/cni-default-plugins
+ tag: v1.4.0
+ examples:
+ - marker:
+ pull_policy: IfNotPresent
+ registry: quay.io
+ repository: kubevirt/bridge-marker
+ tag: 0.11.1
+ plugin:
+ pull_policy: IfNotPresent
+ registry: quay.io
+ repository: kubevirt/cni-default-plugins
+ tag: v1.4.0
+ properties:
+ marker:
+ default:
+ pull_policy: IfNotPresent
+ registry: quay.io
+ repository: kubevirt/bridge-marker
+ tag: 0.11.1
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: quay.io
+ type: string
+ repository:
+ default: kubevirt/bridge-marker
+ type: string
+ tag:
+ default: 0.11.1
+ type: string
+ type: object
+ plugin:
+ default:
+ pull_policy: IfNotPresent
+ registry: quay.io
+ repository: kubevirt/cni-default-plugins
+ tag: v1.4.0
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: quay.io
+ type: string
+ repository:
+ default: kubevirt/cni-default-plugins
+ type: string
+ tag:
+ default: v1.4.0
+ type: string
+ type: object
+ type: object
+dependencies: []
+providers:
+ kubernetes: true
+ authentik: null
+ kubectl: true
+ postgresql: null
+ mysql: null
+ restapi: null
+ http: null
+ gitea: null
+tfaddtype: null
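Review bot: The `images.marker` and `images.plugin` options model only `registry`, `repository` and `tag`, so neither image can be pinned by digest, and with the default `pull_policy: IfNotPresent` a re-pushed tag would go unnoticed on nodes that already hold the old image. marker.tf and plugin.tf build the reference as `registry/repository:tag`, and the plugin image is the one that writes binaries into the host CNI directory. The CDI manifests deleted elsewhere in this commit referenced their images by `@sha256:` digest, so this is a step back in pinning for the new component. An optional `digest` string property next to `tag`, preferred by the templates when set, would restore that without changing the defaults.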
diff --git a/virt/bridges/marker.tf b/virt/bridges/marker.tf
new file mode 100644
index 0000000..32a3d54
--- /dev/null
+++ b/virt/bridges/marker.tf
@@ -0,0 +1,56 @@
+resource "kubectl_manifest" "marker" {
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: bridge-marker
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ spec:
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: bridge-marker
+ template:
+ metadata:
+ annotations:
+ description: Bridge marker exposes network bridges available on nodes as node
+ resources
+ creationTimestamp: null
+ labels:
+ app: bridge-marker
+ app.kubernetes.io/component: network
+ name: bridge-marker
+ tier: node
+ spec:
+ containers:
+ - args:
+ - -node-name
+ - $(NODE_NAME)
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ image: ${var.images.marker.registry}/${var.images.marker.repository}:${var.images.marker.tag}
+ imagePullPolicy: ${var.images.marker.pull_policy}
+ name: bridge-marker
+ resources:
+ requests:
+ cpu: 10m
+ memory: 15Mi
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ priorityClassName: system-node-critical
+ restartPolicy: Always
+ serviceAccount: bridge-marker
+ serviceAccountName: bridge-marker
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+EOF
+}
+
diff --git a/virt/bridges/plugin.tf b/virt/bridges/plugin.tf
new file mode 100644
index 0000000..d1b84c8
--- /dev/null
+++ b/virt/bridges/plugin.tf
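Review bot: The `bridge-marker` container in this DaemonSet declares no `securityContext`, although the pod runs with `hostNetwork: true`, `system-node-critical` priority and a toleration for every `NoSchedule` taint. Unless the marker needs extra privileges (nothing visible here says so), the container could set `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}` and `readOnlyRootFilesystem: true`. `resources` carries only `requests`, so a memory limit would also bound a misbehaving pod on each node. The `creationTimestamp: null` line looks like export residue and can be dropped.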
@@ -0,0 +1,75 @@ +resource "kubectl_manifest" "plugin" { + yaml_body = <<-EOF + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: kube-cni-linux-bridge-plugin + namespace: ${var.namespace} + labels: ${jsonencode(local.common-labels)} + ownerReferences: ${jsonencode(var.install_owner)} + spec: + selector: + matchLabels: + name: kube-cni-linux-bridge-plugin + template: + metadata: + annotations: + description: LinuxBridge installs 'bridge' CNI on cluster nodes, so it can + be later used to attach Pods/VMs to Linux bridges + labels: + app: cni-plugins + app.kubernetes.io/component: network + name: kube-cni-linux-bridge-plugin + tier: node + spec: + containers: + - command: + - /bin/bash + - -ce + - | + echo 'Installing bridge and tuning CNIs' + cni_mount_dir=/opt/cni/bin + sourcebinpath=/usr/src/github.com/containernetworking/plugins/bin + cp --remove-destination $${sourcebinpath}/bridge $${cni_mount_dir}/cnv-bridge + cp --remove-destination $${sourcebinpath}/tuning $${cni_mount_dir}/cnv-tuning + + echo 'Checking bridge and tuning CNIs deployment on node' + printf -v bridgechecksum "%s" "$(<$sourcebinpath/bridge.checksum)" + printf -v tuningchecksum "%s" "$(<$sourcebinpath/tuning.checksum)" + printf "%s %s" "$${bridgechecksum% *}" "$${cni_mount_dir}/cnv-bridge" | sha256sum --check + printf "%s %s" "$${tuningchecksum% *}" "$${cni_mount_dir}/cnv-tuning" | sha256sum --check + + # Some projects (e.g. openshift/console) use cnv- prefix to distinguish between + # binaries shipped by OpenShift and those shipped by KubeVirt (D/S matters). + # Following two lines make sure we will provide both names when needed. + find $${cni_mount_dir}/bridge &>/dev/null || ln -s $${cni_mount_dir}/cnv-bridge $${cni_mount_dir}/bridge + find $${cni_mount_dir}/tuning &>/dev/null || ln -s $${cni_mount_dir}/cnv-tuning $${cni_mount_dir}/tuning + echo 'Entering sleep... 
(success)' + sleep infinity + image: ${var.images.plugin.registry}/${var.images.plugin.repository}:${var.images.plugin.tag} + imagePullPolicy: ${var.images.plugin.pull_policy} + name: cni-plugins + resources: + requests: + cpu: 10m + memory: 15Mi + securityContext: + privileged: true + volumeMounts: + - mountPath: /opt/cni/bin + name: cnibin + nodeSelector: + kubernetes.io/arch: amd64 + priorityClassName: system-cluster-critical + restartPolicy: Always + tolerations: + - effect: NoSchedule + operator: Exists + volumes: + - hostPath: + path: "${var.cni.bin_dir}" + type: "" + name: cnibin +EOF +} + diff --git a/virt/bridges/rbac.tf b/virt/bridges/rbac.tf new file mode 100644 index 0000000..25683f1 --- /dev/null +++ b/virt/bridges/rbac.tf @@ -0,0 +1,50 @@ +resource "kubectl_manifest" "sa" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ServiceAccount + metadata: + name: bridge-marker + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common-labels)} +EOF +} + +resource "kubectl_manifest" "crb" { + yaml_body = <<-EOF + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: bridge-marker-crb + labels: ${jsonencode(local.common-labels)} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: bridge-marker-cr + subjects: + - kind: ServiceAccount + name: bridge-marker + namespace: ${var.namespace} +EOF +} + +resource "kubectl_manifest" "cr" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: bridge-marker-cr + labels: ${jsonencode(local.common-labels)} + rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/status + verbs: + - get + - update + - patch +EOF +} + diff --git a/virt/cdi/additionnal_rbac.tf b/virt/cdi/additionnal_rbac.tf new file mode 100644 index 0000000..e9a99ef --- /dev/null +++ b/virt/cdi/additionnal_rbac.tf 
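Review bot: `privileged: true` on the `cni-plugins` container gives it full host access for its whole lifetime, while the script only copies two binaries into the mounted CNI directory and then runs `sleep infinity`. Consider doing the copy in an init container and keeping an unprivileged main container, or at least record in a comment which privilege is required (writing to the hostPath on SELinux-enforcing hosts may be the reason; that is not visible here). The `cnibin` volume uses `type: ""`, so a wrong `bin_dir` is not rejected and the install may report success in a path the container runtime never reads; `type: Directory` would fail fast instead. The `sha256sum --check` step compares against checksum files shipped in the same image, so it detects a bad copy but says nothing about the image's own integrity.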
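Review bot: The `bridge-marker-cr` ClusterRole in rbac.tf grants `update` and `patch` on `nodes` as well as `nodes/status`, cluster-wide, to a service account whose pod runs on every node. If the marker only publishes bridges as node resources, as the DaemonSet annotation in marker.tf describes, write access to the `nodes/status` subresource should be enough, and write access to the Node object itself (labels, taints, spec) is more than the workload needs. Splitting the rule as below keeps read on `nodes` and confines writes to status; confirm against the marker's actual API calls before merging. The ClusterRole and binding names are fixed, so a second install of this component in another namespace would overwrite them.

```hcl
resource "kubectl_manifest" "cr" {
  yaml_body = <<-EOF
    # … unchanged: apiVersion, kind, metadata …
    rules:
    - apiGroups: [""]
      resources: ["nodes"]
      verbs: ["get"]
    - apiGroups: [""]
      resources: ["nodes/status"]
      verbs: ["get", "update", "patch"]
```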
@@ -0,0 +1,13 @@ +// Allow duplication for terraform +resource "kubectl_manifest" "datavolume_cloner" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: datavolume-cloner + rules: + - apiGroups: ["cdi.kubevirt.io"] + resources: ["datavolumes/source"] + verbs: ["create"] +EOF +} diff --git a/virt/cdi/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_cdi-api-datavolume-mutate.yaml.hbs b/virt/cdi/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_cdi-api-datavolume-mutate.yaml.hbs deleted file mode 100644 index 6b1dd7b..0000000 --- a/virt/cdi/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_cdi-api-datavolume-mutate.yaml.hbs +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: cdi-api-datavolume-mutate -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: cdi-api - namespace: "{{ namespace }}" - path: /datavolume-mutate - port: 443 - failurePolicy: Fail - matchPolicy: Exact - name: datavolume-mutate.cdi.kubevirt.io - namespaceSelector: {} - objectSelector: {} - reinvocationPolicy: Never - rules: - - apiGroups: - - cdi.kubevirt.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - datavolumes - scope: '*' - sideEffects: None - timeoutSeconds: 30 \ No newline at end of file diff --git a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-dataimportcron-validate.yaml.hbs b/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-dataimportcron-validate.yaml.hbs deleted file mode 100644 index ad59fe0..0000000 --- a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-dataimportcron-validate.yaml.hbs +++ /dev/null 
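Review bot: The `datavolume-cloner` ClusterRole in additionnal_rbac.tf has no `labels`, unlike the other manifests added in this commit, so it cannot be found by the `vynil.solidite.fr/owner-*` selectors; adding `labels: ${jsonencode(local.common-labels)}` under `metadata` would make it consistent. The comment `// Allow duplication for terraform` does not say what is duplicated or why, and a sentence naming the other place this role is defined would help the next reader. The role grants `create` on `datavolumes/source` but no binding is visible in this hunk, so who receives it should be documented as well.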
@@ -1,36 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: cdi-api-dataimportcron-validate -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: cdi-api - namespace: "{{ namespace }}" - path: /dataimportcron-validate - port: 443 - failurePolicy: Fail - matchPolicy: Exact - name: dataimportcron-validate.cdi.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - cdi.kubevirt.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - dataimportcrons - scope: '*' - sideEffects: None - timeoutSeconds: 30 \ No newline at end of file diff --git a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-datavolume-validate.yaml.hbs b/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-datavolume-validate.yaml.hbs deleted file mode 100644 index 7d60070..0000000 --- a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-datavolume-validate.yaml.hbs +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: cdi-api-datavolume-validate -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: cdi-api - namespace: "{{ namespace }}" - path: /datavolume-validate - port: 443 - failurePolicy: Fail - matchPolicy: Exact - name: datavolume-validate.cdi.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - cdi.kubevirt.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - datavolumes - scope: '*' - sideEffects: None - timeoutSeconds: 30 \ No newline at end of file diff --git a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-populator-validate.yaml.hbs b/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-populator-validate.yaml.hbs deleted file mode 100644 index 4034869..0000000 --- a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-populator-validate.yaml.hbs +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: cdi-api-populator-validate -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: cdi-api - namespace: "{{ namespace }}" - path: /populator-validate - port: 443 - failurePolicy: Fail - matchPolicy: Exact - name: populator-validate.cdi.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - cdi.kubevirt.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - volumeimportsources - - volumeuploadsources - scope: '*' - sideEffects: None - timeoutSeconds: 30 \ No newline at end of file diff --git a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-validate.yaml.hbs b/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-validate.yaml.hbs deleted file mode 100644 index 8443a30..0000000 --- a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_cdi-api-validate.yaml.hbs +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: cdi-api-validate -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: cdi-api - namespace: "{{ namespace }}" - path: /cdi-validate - port: 443 - failurePolicy: Fail - matchPolicy: Exact - name: cdi-validate.cdi.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - cdi.kubevirt.io - apiVersions: - - v1beta1 - operations: - - DELETE - resources: - - cdis - scope: '*' - sideEffects: None - timeoutSeconds: 30 \ No newline at end of file 
diff --git a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_objecttransfer-api-validate.yaml.hbs b/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_objecttransfer-api-validate.yaml.hbs deleted file mode 100644 index f7f30de..0000000 --- a/virt/cdi/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_objecttransfer-api-validate.yaml.hbs +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: objecttransfer-api-validate -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: cdi-api - namespace: "{{ namespace }}" - path: /objecttransfer-validate - port: 443 - failurePolicy: Fail - matchPolicy: Exact - name: objecttransfer-validate.cdi.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - cdi.kubevirt.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - objecttransfers - scope: '*' - sideEffects: None - timeoutSeconds: 30 \ No newline at end of file diff --git a/virt/cdi/apiregistration.k8s.io_v1_APIService_v1beta1.upload.cdi.kubevirt.io.yaml.hbs b/virt/cdi/apiregistration.k8s.io_v1_APIService_v1beta1.upload.cdi.kubevirt.io.yaml.hbs deleted file mode 100644 index f4c3074..0000000 --- a/virt/cdi/apiregistration.k8s.io_v1_APIService_v1beta1.upload.cdi.kubevirt.io.yaml.hbs +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert" - labels: - cdi.kubevirt.io: cdi-api - name: v1beta1.upload.cdi.kubevirt.io -spec: - group: upload.cdi.kubevirt.io - groupPriorityMinimum: 1000 - service: - name: cdi-api - namespace: "{{ namespace }}" - port: 443 - version: v1beta1 - versionPriority: 15 \ No newline at end of file diff --git a/virt/cdi/apps_v1_Deployment_cdi-apiserver.yaml.hbs b/virt/cdi/apps_v1_Deployment_cdi-apiserver.yaml.hbs deleted file mode 100644 index 9eb31ab..0000000 --- a/virt/cdi/apps_v1_Deployment_cdi-apiserver.yaml.hbs +++ /dev/null 
@@ -1,108 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: cdi-apiserver - name: cdi-apiserver - namespace: "{{ namespace }}" -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - cdi.kubevirt.io: cdi-apiserver - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: cdi-apiserver - spec: - containers: - - args: - - -v=1 - env: - - name: INSTALLER_PART_OF_LABEL - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.labels['app.kubernetes.io/part-of'] - - name: INSTALLER_VERSION_LABEL - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.labels['app.kubernetes.io/version'] - image: quay.io/kubevirt/cdi-apiserver@sha256:e9e39408413b1478d2e98eba68913f9e20c93000558b190b47de73bdfd1d9ac4 - imagePullPolicy: IfNotPresent - name: cdi-apiserver - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 2 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 10m - memory: 150Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/run/certs/cdi-apiserver-signer-bundle - name: ca-bundle - readOnly: true - - mountPath: /var/run/certs/cdi-apiserver-server-cert - name: server-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: cdi-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - 
runAsNonRoot: true - serviceAccount: cdi-apiserver - serviceAccountName: cdi-apiserver - terminationGracePeriodSeconds: 30 - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - secret: - defaultMode: 420 - items: - - key: ca.crt - path: ca-bundle.crt - secretName: cdi-apiserver-server-cert - name: ca-bundle - - name: server-cert - secret: - defaultMode: 420 - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - secretName: cdi-apiserver-server-cert \ No newline at end of file diff --git a/virt/cdi/apps_v1_Deployment_cdi-deployment.yaml.hbs b/virt/cdi/apps_v1_Deployment_cdi-deployment.yaml.hbs deleted file mode 100644 index 75ebbf3..0000000 --- a/virt/cdi/apps_v1_Deployment_cdi-deployment.yaml.hbs +++ /dev/null 
@@ -1,155 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: containerized-data-importer - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - prometheus.cdi.kubevirt.io: "true" - name: cdi-deployment - namespace: "{{ namespace }}" -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: containerized-data-importer - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: containerized-data-importer - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - prometheus.cdi.kubevirt.io: "true" - spec: - containers: - - args: - - -v=1 - env: - - name: IMPORTER_IMAGE - value: quay.io/kubevirt/cdi-importer@sha256:3143bbc67cdc6267eb48b7eaac664b8551ac4c11401dfbf4921efd3f233e6ce9 - - name: CLONER_IMAGE - value: quay.io/kubevirt/cdi-cloner@sha256:9d31b14f23259398c5bac636f5ead13ad0afd6fe8eeab4499e8e047b4d85074f - - name: UPLOADSERVER_IMAGE - value: quay.io/kubevirt/cdi-uploadserver@sha256:30f1827d3696cf996b081c22c3267ca78e7219c872fdb54950198fa54359f6ee - - name: UPLOADPROXY_SERVICE - value: cdi-uploadproxy - - name: PULL_POLICY - value: IfNotPresent - - name: INSTALLER_PART_OF_LABEL - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.labels['app.kubernetes.io/part-of'] - - name: INSTALLER_VERSION_LABEL - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.labels['app.kubernetes.io/version'] - image: quay.io/kubevirt/cdi-controller@sha256:27c47883a08226f83757971d3adafb0cd9bcb26e58fbcf7208236070e0adf37e - imagePullPolicy: IfNotPresent - name: cdi-controller - ports: - - containerPort: 8080 - name: metrics - protocol: TCP - readinessProbe: - exec: - command: - - cat - - /tmp/ready - failureThreshold: 3 - initialDelaySeconds: 2 - periodSeconds: 5 - successThreshold: 1 - 
timeoutSeconds: 1 - resources: - requests: - cpu: 10m - memory: 150Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/run/cdi/token/keys - name: cdi-api-signing-key - - mountPath: /var/run/certs/cdi-uploadserver-signer - name: uploadserver-ca-cert - - mountPath: /var/run/certs/cdi-uploadserver-client-signer - name: uploadserver-client-ca-cert - - mountPath: /var/run/ca-bundle/cdi-uploadserver-signer-bundle - name: uploadserver-ca-bundle - - mountPath: /var/run/ca-bundle/cdi-uploadserver-client-signer-bundle - name: uploadserver-client-ca-bundle - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: cdi-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsNonRoot: true - serviceAccount: cdi-sa - serviceAccountName: cdi-sa - terminationGracePeriodSeconds: 30 - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - name: cdi-api-signing-key - secret: - defaultMode: 420 - items: - - key: publickey.pem - path: id_rsa.pub - - key: privatekey.pem - path: id_rsa - secretName: cdi-api-signing-key - - name: uploadserver-ca-cert - secret: - defaultMode: 420 - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - secretName: cdi-uploadserver-signer - - name: uploadserver-client-ca-cert - secret: - defaultMode: 420 - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - secretName: cdi-uploadserver-client-signer - - secret: - defaultMode: 420 - items: - - key: tls.crt - path: ca-bundle.crt - secretName: cdi-uploadserver-signer - name: uploadserver-ca-bundle - - secret: - defaultMode: 420 - items: - - key: tls.crt - path: ca-bundle.crt - secretName: cdi-uploadserver-client-signer - name: uploadserver-client-ca-bundle \ No 
newline at end of file diff --git a/virt/cdi/apps_v1_Deployment_cdi-uploadproxy.yaml.hbs b/virt/cdi/apps_v1_Deployment_cdi-uploadproxy.yaml.hbs deleted file mode 100644 index 50e44f6..0000000 --- a/virt/cdi/apps_v1_Deployment_cdi-uploadproxy.yaml.hbs +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: cdi-uploadproxy - name: cdi-uploadproxy - namespace: "{{ namespace }}" -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - cdi.kubevirt.io: cdi-uploadproxy - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: cdi-uploadproxy - spec: - containers: - - args: - - -v=1 - env: - - name: APISERVER_PUBLIC_KEY - valueFrom: - secretKeyRef: - key: publickey.pem - name: cdi-api-signing-key - image: quay.io/kubevirt/cdi-uploadproxy@sha256:551221d79902a5053d1c734b81163d69f087217e2ac13c49bdf6900336ef0786 - imagePullPolicy: IfNotPresent - name: cdi-uploadproxy - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 2 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 10m - memory: 150Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/run/certs/cdi-uploadproxy-server-cert - name: server-cert - readOnly: true - - mountPath: /var/run/certs/cdi-uploadserver-client-cert - name: client-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: cdi-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsNonRoot: true - serviceAccount: cdi-uploadproxy - serviceAccountName: cdi-uploadproxy - terminationGracePeriodSeconds: 30 - tolerations: - - key: 
CriticalAddonsOnly - operator: Exists - volumes: - - name: server-cert - secret: - defaultMode: 420 - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - secretName: cdi-uploadproxy-server-cert - - name: client-cert - secret: - defaultMode: 420 - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - secretName: cdi-uploadserver-client-cert \ No newline at end of file diff --git a/virt/cdi/cdi.kubevirt.io_v1beta1_CDIConfig_config.yaml b/virt/cdi/cdi.kubevirt.io_v1beta1_CDIConfig_config.yaml deleted file mode 100644 index d5f674b..0000000 --- a/virt/cdi/cdi.kubevirt.io_v1beta1_CDIConfig_config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: cdi.kubevirt.io/v1beta1 -kind: CDIConfig -metadata: - name: config -spec: - featureGates: - - HonorWaitForFirstConsumer \ No newline at end of file diff --git a/virt/cdi/cdi.kubevirt.io_v1beta1_CDI_cdi.yaml b/virt/cdi/cdi.kubevirt.io_v1beta1_CDI_cdi.yaml deleted file mode 100644 index 8f31272..0000000 --- a/virt/cdi/cdi.kubevirt.io_v1beta1_CDI_cdi.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cdi.kubevirt.io/v1beta1 -kind: CDI -metadata: - name: cdi -spec: - config: - featureGates: - - HonorWaitForFirstConsumer - imagePullPolicy: IfNotPresent - infra: - nodeSelector: - kubernetes.io/os: linux - tolerations: - - key: CriticalAddonsOnly - operator: Exists - workload: - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/virt/cdi/certs.tf b/virt/cdi/certs.tf deleted file mode 100644 index 89a6185..0000000 --- a/virt/cdi/certs.tf +++ /dev/null 
@@ -1,187 +0,0 @@ -resource "kubectl_manifest" "issuer" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "cdi-selfsigned" - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - selfSigned: {} - EOF -} -resource "kubectl_manifest" "cdi-apiserver-signer-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: cdi-apiserver-signer - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - isCA: true - duration: "${var.duration}" - commonName: "cdi-apiserver-signer" - secretName: cdi-apiserver-signer - issuerRef: - name: cdi-selfsigned - EOF -} -resource "kubectl_manifest" "cdi-uploadproxy-signer-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: cdi-uploadproxy-signer - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - isCA: true - duration: "${var.duration}" - commonName: "cdi-uploadproxy-signer" - secretName: cdi-uploadproxy-signer - issuerRef: - name: cdi-selfsigned - EOF -} -resource "kubectl_manifest" "cdi-uploadserver-client-signer-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: cdi-uploadserver-client-signer - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - isCA: true - duration: "${var.duration}" - commonName: "cdi-uploadserver-client-signer" - secretName: cdi-uploadserver-client-signer - issuerRef: - name: cdi-selfsigned - EOF -} -resource "kubectl_manifest" "cdi-uploadserver-signer-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: cdi-uploadserver-signer - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - isCA: true - duration: "${var.duration}" - commonName: "cdi-uploadserver-signer" - secretName: cdi-uploadserver-signer - issuerRef: - name: 
cdi-selfsigned - EOF -} -resource "kubectl_manifest" "cdi-uploadproxy-signer" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "cdi-uploadproxy-signer" - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - ca: - secretName: "cdi-uploadproxy-signer" - EOF -} -resource "kubectl_manifest" "cdi-uploadserver-client-signer" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "cdi-uploadserver-client-signer" - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - ca: - secretName: "cdi-uploadserver-client-signer" - EOF -} -resource "kubectl_manifest" "cdi-apiserver-signer" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "cdi-apiserver-signer" - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - ca: - secretName: "cdi-apiserver-signer" - EOF -} -resource "kubectl_manifest" "cdi-apiserver-server-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "cdi-apiserver-server-cert" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - cdi-api - - cdi-api.${var.namespace} - - cdi-api.${var.namespace}.svc - - cdi-api.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: cdi-apiserver-signer - secretName: cdi-apiserver-server-cert - subject: - organizationalUnits: - - cdi-api - EOF -} -resource "kubectl_manifest" "cdi-uploadproxy-server-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "cdi-uploadproxy-server-cert" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - cdi-uploadproxy - - cdi-uploadproxy.${var.namespace} - - cdi-uploadproxy.${var.namespace}.svc - - cdi-uploadproxy.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: 
cdi-uploadproxy-signer - secretName: cdi-uploadproxy-server-cert - subject: - organizationalUnits: - - cdi-uploadproxy - EOF -} -resource "kubectl_manifest" "cdi-uploadserver-client-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "cdi-uploadserver-client-cert" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - usages: - - digital signature - - client auth - commonName: "cdi-uploadserver-client-cert" - issuerRef: - kind: Issuer - name: cdi-uploadserver-client-signer - secretName: cdi-uploadserver-client-cert - subject: - organizationalUnits: - - cdi-uploadserver-client - EOF -} diff --git a/virt/cdi/common.tf b/virt/cdi/common.tf new file mode 100644 index 0000000..ef3c93f --- /dev/null +++ b/virt/cdi/common.tf @@ -0,0 +1,12 @@ + +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } +} diff --git a/virt/cdi/cr_CDI.tf b/virt/cdi/cr_CDI.tf new file mode 100644 index 0000000..06ba740 --- /dev/null +++ b/virt/cdi/cr_CDI.tf @@ -0,0 +1,24 @@ +resource "kubectl_manifest" "CDI_cdi" { + yaml_body = <<-EOF + apiVersion: cdi.kubevirt.io/v1beta1 + kind: CDI + metadata: + name: cdi + labels: ${jsonencode(local.common-labels)} + spec: + config: + featureGates: + - HonorWaitForFirstConsumer + imagePullPolicy: IfNotPresent + infra: + nodeSelector: + kubernetes.io/os: linux + tolerations: + - key: CriticalAddonsOnly + operator: Exists + workload: + nodeSelector: + kubernetes.io/os: linux +EOF +} + diff --git a/virt/cdi/datas.tf b/virt/cdi/datas.tf deleted file mode 100644 index 0794500..0000000 --- a/virt/cdi/datas.tf +++ /dev/null 
@@ -1,32 +0,0 @@ - -locals { - common-labels = { - "vynil.solidite.fr/owner-name" = var.instance - "vynil.solidite.fr/owner-namespace" = var.namespace - "vynil.solidite.fr/owner-category" = var.category - "vynil.solidite.fr/owner-component" = var.component - "app.kubernetes.io/managed-by" = "vynil" - "app.kubernetes.io/name" = var.component - "app.kubernetes.io/instance" = var.instance - } -} - -data "kustomization_overlay" "data" { - common_labels = local.common-labels - resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"] - images { - name = "quay.io/kubevirt/cdi-apiserver" - new_name = "${var.images.apiserver.registry}/${var.images.apiserver.repository}" - new_tag = "${var.images.apiserver.tag}" - } - images { - name = "quay.io/kubevirt/cdi-controller" - new_name = "${var.images.controller.registry}/${var.images.controller.repository}" - new_tag = "${var.images.controller.tag}" - } - images { - name = "quay.io/kubevirt/cdi-uploadproxy" - new_name = "${var.images.uploadproxy.registry}/${var.images.uploadproxy.repository}" - new_tag = "${var.images.uploadproxy.tag}" - } -} diff --git a/virt/cdi/index.rhai b/virt/cdi/index.rhai deleted file mode 100644 index 4f1d2d3..0000000 --- a/virt/cdi/index.rhai +++ /dev/null @@ -1,6 +0,0 @@ -const DEST=dest; -fn pre_install() { - shell(`openssl genrsa -out ${global::DEST}/privatekey.pem 4096`); - shell(`openssl rsa -in ${global::DEST}/privatekey.pem -pubout -out ${global::DEST}/publickey.pem`); - shell(`kubectl get secret -n $NAMESPACE cdi-api-signing-key|| kubectl create secret generic -n $NAMESPACE cdi-api-signing-key --from-file=privatekey.pem=${global::DEST}/privatekey.pem --from-file=publickey.pem=${global::DEST}/publickey.pem`); -} diff --git a/virt/cdi/index.yaml b/virt/cdi/index.yaml index 2c18556..06ae729 100644 --- a/virt/cdi/index.yaml +++ b/virt/cdi/index.yaml 
@@ -6,50 +6,105 @@ metadata: name: cdi description: Containerized Data Importer options: - duration: - default: 87660h - examples: - - 87660h - type: string images: default: apiserver: + pull_policy: IfNotPresent registry: quay.io repository: kubevirt/cdi-apiserver tag: v1.59.0 + cloner: + registry: quay.io + repository: kubevirt/cdi-cloner + tag: v1.59.0 controller: registry: quay.io repository: kubevirt/cdi-controller tag: v1.59.0 + importer: + registry: quay.io + repository: kubevirt/cdi-importer + tag: v1.59.0 + operator: + pull_policy: IfNotPresent + registry: quay.io + repository: kubevirt/cdi-operator + tag: v1.59.0 uploadproxy: registry: quay.io repository: kubevirt/cdi-uploadproxy tag: v1.59.0 + uploadserver: + registry: quay.io + repository: kubevirt/cdi-uploadserver + tag: v1.59.0 examples: - apiserver: + pull_policy: IfNotPresent registry: quay.io repository: kubevirt/cdi-apiserver tag: v1.59.0 + cloner: + registry: quay.io + repository: kubevirt/cdi-cloner + tag: v1.59.0 controller: registry: quay.io repository: kubevirt/cdi-controller tag: v1.59.0 + importer: + registry: quay.io + repository: kubevirt/cdi-importer + tag: v1.59.0 + operator: + pull_policy: IfNotPresent + registry: quay.io + repository: kubevirt/cdi-operator + tag: v1.59.0 uploadproxy: registry: quay.io repository: kubevirt/cdi-uploadproxy tag: v1.59.0 + uploadserver: + registry: quay.io + repository: kubevirt/cdi-uploadserver + tag: v1.59.0 properties: apiserver: default: + pull_policy: IfNotPresent registry: quay.io repository: kubevirt/cdi-apiserver tag: v1.59.0 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: quay.io + type: string + repository: + default: kubevirt/cdi-apiserver + type: string + tag: + default: v1.59.0 + type: string + type: object + cloner: + default: + registry: quay.io + repository: kubevirt/cdi-cloner + tag: v1.59.0 properties: registry: default: quay.io type: string 
repository: - default: kubevirt/cdi-apiserver + default: kubevirt/cdi-cloner type: string tag: default: v1.59.0 @@ -71,6 +126,46 @@ options: default: v1.59.0 type: string type: object + importer: + default: + registry: quay.io + repository: kubevirt/cdi-importer + tag: v1.59.0 + properties: + registry: + default: quay.io + type: string + repository: + default: kubevirt/cdi-importer + type: string + tag: + default: v1.59.0 + type: string + type: object + operator: + default: + pull_policy: IfNotPresent + registry: quay.io + repository: kubevirt/cdi-operator + tag: v1.59.0 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: quay.io + type: string + repository: + default: kubevirt/cdi-operator + type: string + tag: + default: v1.59.0 + type: string + type: object uploadproxy: default: registry: quay.io @@ -87,14 +182,24 @@ options: default: v1.59.0 type: string type: object + uploadserver: + default: + registry: quay.io + repository: kubevirt/cdi-uploadserver + tag: v1.59.0 + properties: + registry: + default: quay.io + type: string + repository: + default: kubevirt/cdi-uploadserver + type: string + tag: + default: v1.59.0 + type: string + type: object type: object dependencies: -- dist: null - category: core - component: cert-manager -- dist: null - category: core - component: secret-generator - dist: null category: crd component: cdi diff --git a/virt/cdi/monitoring.coreos.com_v1_PrometheusRule_prometheus-cdi-rules.yaml.hbs b/virt/cdi/monitoring.coreos.com_v1_PrometheusRule_prometheus-cdi-rules.yaml.hbs deleted file mode 100644 index cf0118a..0000000 --- a/virt/cdi/monitoring.coreos.com_v1_PrometheusRule_prometheus-cdi-rules.yaml.hbs +++ /dev/null 
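Review bot: The new image entries (`cloner`, `importer`, `operator`, `uploadserver`) and the two `pull_policy` properties carry no `description`, so the schema does not say that `apiserver.pull_policy` is the value `operator_workload.tf` hands to the operator as `PULL_POLICY`. A line such as `description: Pull policy exported to cdi-operator as PULL_POLICY` on that property would make this visible. Every default also pins only the mutable tag `v1.59.0`; with `IfNotPresent`, a node keeps whatever content that tag pointed to at its first pull. The description should therefore state that `tag` is the only pin, or an optional digest field should be considered. The same applies to the `importer`, `operator` and `uploadserver` blocks in the two later hunks of this file.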
@@ -1,79 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - prometheus.cdi.kubevirt.io: "true" - name: prometheus-cdi-rules - namespace: "{{ namespace }}" -spec: - groups: - - name: cdi.rules - rules: - - expr: sum(up{namespace='{{ namespace }}', pod=~'cdi-operator-.*'} or vector(0)) - record: kubevirt_cdi_operator_up_total - - expr: count(kube_pod_container_status_restarts_total{pod=~'importer-.*', container='importer'} > 3) - record: kubevirt_cdi_import_dv_unusual_restartcount_total - - expr: count(kube_pod_container_status_restarts_total{pod=~'cdi-upload-.*', container='cdi-upload-server'} > 3) - record: kubevirt_cdi_upload_dv_unusual_restartcount_total - - expr: count(kube_pod_container_status_restarts_total{pod=~'.*-source-pod', container='cdi-clone-source'} > 3) - record: kubevirt_cdi_clone_dv_unusual_restartcount_total - - expr: sum(kubevirt_cdi_dataimportcron_outdated or vector(0)) - record: kubevirt_cdi_dataimportcron_outdated_total - - alert: CDIOperatorDown - annotations: - runbook_url: https://kubevirt.io/monitoring/runbooks/CDIOperatorDown - summary: CDI operator is down - expr: kubevirt_cdi_operator_up_total == 0 - for: 5m - labels: - kubernetes_operator_component: containerized-data-importer - kubernetes_operator_part_of: kubevirt - operator_health_impact: critical - severity: warning - - alert: CDINotReady - annotations: - runbook_url: https://kubevirt.io/monitoring/runbooks/CDINotReady - summary: CDI is not available to use - expr: kubevirt_cdi_cr_ready == 0 - for: 5m - labels: - kubernetes_operator_component: containerized-data-importer - kubernetes_operator_part_of: kubevirt - operator_health_impact: critical - severity: warning - - alert: CDIDataVolumeUnusualRestartCount - annotations: - runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDataVolumeUnusualRestartCount - summary: Cluster has 
DataVolumes (PVC population request) with an unusual restart count, meaning they are probably failing and need to be investigated - expr: kubevirt_cdi_import_dv_unusual_restartcount_total > 0 or kubevirt_cdi_upload_dv_unusual_restartcount_total > 0 or kubevirt_cdi_clone_dv_unusual_restartcount_total > 0 - for: 5m - labels: - kubernetes_operator_component: containerized-data-importer - kubernetes_operator_part_of: kubevirt - operator_health_impact: warning - severity: warning - - alert: CDIStorageProfilesIncomplete - annotations: - runbook_url: https://kubevirt.io/monitoring/runbooks/CDIStorageProfilesIncomplete - summary: Incomplete StorageProfiles exist, accessMode/volumeMode cannot be inferred by CDI for PVC population request - expr: kubevirt_cdi_incomplete_storageprofiles_total > 0 - for: 5m - labels: - kubernetes_operator_component: containerized-data-importer - kubernetes_operator_part_of: kubevirt - operator_health_impact: warning - severity: info - - alert: CDIDataImportCronOutdated - annotations: - runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDataImportCronOutdated - summary: DataImportCron (recurring polling of VM templates disk image sources, also known as golden images) PVCs are not being updated on the defined schedule - expr: kubevirt_cdi_dataimportcron_outdated_total > 0 - for: 15m - labels: - kubernetes_operator_component: containerized-data-importer - kubernetes_operator_part_of: kubevirt - operator_health_impact: warning - severity: info \ No newline at end of file diff --git a/virt/cdi/monitoring.coreos.com_v1_ServiceMonitor_service-monitor-cdi.yaml.hbs b/virt/cdi/monitoring.coreos.com_v1_ServiceMonitor_service-monitor-cdi.yaml.hbs deleted file mode 100644 index cfdeccf..0000000 --- a/virt/cdi/monitoring.coreos.com_v1_ServiceMonitor_service-monitor-cdi.yaml.hbs +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - openshift.io/cluster-monitoring: "" - prometheus.cdi.kubevirt.io: "true" - name: service-monitor-cdi - namespace: "{{ namespace }}" -spec: - endpoints: - - bearerTokenSecret: - key: "" - port: metrics - scheme: http - tlsConfig: - ca: {} - cert: {} - insecureSkipVerify: true - namespaceSelector: - matchNames: - - "{{ namespace }}" - selector: - matchLabels: - prometheus.cdi.kubevirt.io: "true" \ No newline at end of file diff --git a/virt/cdi/operator_rbac.tf b/virt/cdi/operator_rbac.tf new file mode 100644 index 0000000..049dcc4 --- /dev/null +++ b/virt/cdi/operator_rbac.tf 
@@ -0,0 +1,584 @@ +resource "kubectl_manifest" "ServiceAccount_cdi-operator" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: ${jsonencode(local.common-labels)} + name: cdi-operator + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} +EOF +} + +resource "kubectl_manifest" "ClusterRoleBinding_cdi-operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: ${jsonencode(local.common-labels)} + name: cdi-operator + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cdi-operator-cluster + subjects: + - kind: ServiceAccount + name: cdi-operator + namespace: ${var.namespace} +EOF +} + +resource "kubectl_manifest" "RoleBinding_cdi-operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: ${jsonencode(local.common-labels)} + name: cdi-operator + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cdi-operator + subjects: + - kind: ServiceAccount + name: cdi-operator + namespace: ${var.namespace} +EOF +} + +resource "kubectl_manifest" "ClusterRole_cdi-operator-cluster" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: ${jsonencode(local.common-labels)} + name: cdi-operator-cluster + rules: + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - create + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - 
cdi.kubevirt.io + - upload.cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - cdi-api-dataimportcron-validate + - cdi-api-populator-validate + - cdi-api-datavolume-validate + - cdi-api-validate + - objecttransfer-api-validate + resources: + - validatingwebhookconfigurations + verbs: + - get + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - cdi-api-datavolume-mutate + - cdi-api-pvc-mutate + resources: + - mutatingwebhookconfigurations + verbs: + - get + - update + - delete + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - datavolumes + verbs: + - list + - get + - apiGroups: + - cdi.kubevirt.io + resources: + - datasources + verbs: + - get + - apiGroups: + - cdi.kubevirt.io + resources: + - volumeclonesources + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - storageprofiles + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - cdis + 
verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - cdiconfigs + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - cdis/finalizers + verbs: + - update + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - patch + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - apiGroups: + - '' + resources: + - persistentvolumeclaims/finalizers + - pods/finalizers + verbs: + - update + - apiGroups: + - '' + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - create + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csidrivers + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - get + - apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - update + - deletecollection + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - scheduling.k8s.io + resources: + - priorityclasses + verbs: + - get + - list + - watch + - apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - secrets + verbs: + - create + - apiGroups: + - kubevirt.io + resources: + - 
virtualmachines/finalizers + verbs: + - update + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - apiGroups: + - cdi.kubevirt.io + resources: + - dataimportcrons + verbs: + - get + - list + - update +EOF +} + +resource "kubectl_manifest" "Role_cdi-operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: ${jsonencode(local.common-labels)} + name: cdi-operator + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + rules: + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - '' + resources: + - serviceaccounts + - configmaps + - events + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - apiGroups: + - '' + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch + - create + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - deletecollection + - apiGroups: 
+ - batch + resources: + - jobs + verbs: + - create + - deletecollection + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - apiGroups: + - '' + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch +EOF +} + diff --git a/virt/cdi/operator_workload.tf b/virt/cdi/operator_workload.tf new file mode 100644 index 0000000..e8ed21d --- /dev/null +++ b/virt/cdi/operator_workload.tf 
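Review bot: Nothing in `operator_rbac.tf` says where the `cdi-operator-cluster` rule list comes from, and it is hard to audit as written. It grants `'*'` verbs on `'*'` resources in `cdi.kubevirt.io` twice, which makes the narrower `cdi.kubevirt.io` rules around it (datavolumes, datasources, storageprofiles, cdis, cdiconfigs, dataimportcrons) redundant, and it has three separate `persistentvolumeclaims` rules. It also holds cluster-wide `create` on `secrets` and create/update/delete on `clusterroles` and `clusterrolebindings`. The list looks like a flattened union of the per-component roles this commit deletes, which an operator would need in order to grant them, but that is an inference. I would add a header comment such as `# Rules mirror the upstream cdi-operator manifest for <CDI_VERSION>; regenerate on upgrade, do not hand-edit` and drop the rules already covered by the wildcard, so the broad grants stand out on the next version bump.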
@@ -0,0 +1,89 @@
+resource "kubectl_manifest" "Deployment_cdi-operator" {
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels: ${jsonencode(local.common-labels)}
+ name: cdi-operator
+ namespace: ${var.namespace}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ''
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ cdi.kubevirt.io: cdi-operator
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ''
+ prometheus.cdi.kubevirt.io: 'true'
+ spec:
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: cdi.kubevirt.io
+ operator: In
+ values:
+ - cdi-operator
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - env:
+ - name: DEPLOY_CLUSTER_RESOURCES
+ value: 'true'
+ - name: OPERATOR_VERSION
+ value: ${var.images.apiserver.tag}
+ - name: CONTROLLER_IMAGE
+ value: ${var.images.controller.registry}/${var.images.controller.repository}:${var.images.controller.tag}
+ - name: IMPORTER_IMAGE
+ value: ${var.images.importer.registry}/${var.images.importer.repository}:${var.images.importer.tag}
+ - name: CLONER_IMAGE
+ value: ${var.images.cloner.registry}/${var.images.cloner.repository}:${var.images.cloner.tag}
+ - name: APISERVER_IMAGE
+ value: ${var.images.apiserver.registry}/${var.images.apiserver.repository}:${var.images.apiserver.tag}
+ - name: UPLOAD_SERVER_IMAGE
+ value: ${var.images.uploadserver.registry}/${var.images.uploadserver.repository}:${var.images.uploadserver.tag}
+ - name: UPLOAD_PROXY_IMAGE
+ value: ${var.images.uploadproxy.registry}/${var.images.uploadproxy.repository}:${var.images.uploadproxy.tag}
+ - name: VERBOSITY
+ value: '1'
+ - name: PULL_POLICY
+ value: ${var.images.apiserver.pull_policy}
+ - name: MONITORING_NAMESPACE
+ image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
+ imagePullPolicy: ${var.images.operator.pull_policy}
+ name: cdi-operator
+ ports:
+ - containerPort: 8080
+ name: metrics
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 150Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: cdi-operator
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+EOF
+}
+
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-apiserver.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-apiserver.yaml.hbs
deleted file mode 100644
index a210f07..0000000
--- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-apiserver.yaml.hbs
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: storage
- app.kubernetes.io/managed-by: cdi-operator
- cdi.kubevirt.io: ""
- name: cdi-apiserver
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cdi-apiserver
-subjects:
- - kind: ServiceAccount
- name: cdi-apiserver
- namespace: "{{ namespace }}"
\ No newline at end of file
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-cronjob.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-cronjob.yaml.hbs
deleted file mode 100644
index 98490cf..0000000
--- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-cronjob.yaml.hbs
+++ /dev/null
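Review bot: `OPERATOR_VERSION` and `PULL_POLICY` in the `cdi-operator` container read `var.images.apiserver.tag` and `var.images.apiserver.pull_policy`, not the operator image this container actually runs. Overriding only `images.operator.tag` therefore leaves the operator reporting the apiserver's tag. Both interpolations are also unquoted inside the YAML heredoc, so a tag override that parses as a number (a constructed example: `1.59`) would turn `value:` into a float and the manifest would be rejected, since env values must be strings. If the operator's own version is what is meant, I would write `value: "${var.images.operator.tag}"` for `OPERATOR_VERSION`, and quote `PULL_POLICY` as `value: "${var.images.apiserver.pull_policy}"`. The container's `securityContext` drops all capabilities but does not set `readOnlyRootFilesystem`, and `resources` has requests only; either add them or note in a comment why they are omitted.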
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: storage
- app.kubernetes.io/managed-by: cdi-operator
- cdi.kubevirt.io: ""
- name: cdi-cronjob
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cdi-cronjob
-subjects:
- - kind: ServiceAccount
- name: cdi-cronjob
- namespace: "{{ namespace }}"
\ No newline at end of file
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-sa.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-sa.yaml.hbs
deleted file mode 100644
index e2d4c4a..0000000
--- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-sa.yaml.hbs
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: storage
- app.kubernetes.io/managed-by: cdi-operator
- cdi.kubevirt.io: ""
- name: cdi-sa
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cdi
-subjects:
- - kind: ServiceAccount
- name: cdi-sa
- namespace: "{{ namespace }}"
\ No newline at end of file
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-uploadproxy.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-uploadproxy.yaml.hbs
deleted file mode 100644
index c6ee0b0..0000000
--- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi-uploadproxy.yaml.hbs
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: storage
- app.kubernetes.io/managed-by: cdi-operator
- cdi.kubevirt.io: ""
- name: cdi-uploadproxy
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cdi-uploadproxy
-subjects:
- - kind: ServiceAccount
- name: cdi-uploadproxy
- namespace: "{{ namespace }}"
\ No newline at end of file
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi.kubevirt.io:config-reader.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi.kubevirt.io:config-reader.yaml
deleted file mode 100644
index 9cb40d6..0000000
--- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cdi.kubevirt.io:config-reader.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: storage
- app.kubernetes.io/managed-by: cdi-operator
- cdi.kubevirt.io: ""
- name: cdi.kubevirt.io:config-reader
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cdi.kubevirt.io:config-reader
-subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: system:authenticated
- - apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: system:serviceaccount
\ No newline at end of file
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-apiserver.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-apiserver.yaml
deleted file mode 100644
index 6ac78df..0000000
--- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-apiserver.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-apiserver -rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes - verbs: - - list - - get - - apiGroups: - - cdi.kubevirt.io - resources: - - datasources - verbs: - - list - - get - - apiGroups: - - cdi.kubevirt.io - resources: - - cdis - verbs: - - get - - apiGroups: - - cdi.kubevirt.io - resources: - - cdis/finalizers - verbs: - - '*' \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-cronjob.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-cronjob.yaml deleted file mode 100644 index 7f6c750..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-cronjob.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-cronjob -rules: - - apiGroups: - - cdi.kubevirt.io - resources: - - dataimportcrons - verbs: - - get - - list - - update \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-uploadproxy.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-uploadproxy.yaml deleted file mode 100644 index 0dce55b..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi-uploadproxy.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-uploadproxy -rules: - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:admin.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:admin.yaml deleted file mode 100644 index e7d8828..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:admin.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: cdi.kubevirt.io:admin -rules: - - apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes - verbs: - - '*' - - apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes/source - verbs: - - create - - apiGroups: - - upload.cdi.kubevirt.io - resources: - - uploadtokenrequests - verbs: - - '*' \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:config-reader.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:config-reader.yaml deleted file mode 100644 index 6ad7dab..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:config-reader.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi.kubevirt.io:config-reader -rules: - - apiGroups: - - cdi.kubevirt.io - resources: - - cdiconfigs - - storageprofiles - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:edit.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:edit.yaml deleted file mode 100644 index 9fafc6d..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:edit.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: cdi.kubevirt.io:edit -rules: - - apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes - verbs: - - '*' - - apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes/source - verbs: - - create - - apiGroups: - - upload.cdi.kubevirt.io - resources: - - uploadtokenrequests - verbs: - - '*' \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:view.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:view.yaml deleted file mode 100644 index 9ba2d65..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.kubevirt.io:view.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cdi.kubevirt.io:view -rules: - - apiGroups: - - cdi.kubevirt.io - resources: - - cdiconfigs - - dataimportcrons - - datasources - - datavolumes - - objecttransfers - - storageprofiles - - volumeimportsources - - volumeuploadsources - - volumeclonesources - verbs: - - get - - list - - watch - - apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes/source - verbs: - - create \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.yaml b/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.yaml deleted file mode 100644 index 0f5a94b..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_ClusterRole_cdi.yaml +++ /dev/null 
@@ -1,134 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - verbs: - - get - - list - - watch - - create - - update - - delete - - deletecollection - - patch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/finalizers - - pods/finalizers - verbs: - - update - - apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch - - create - - delete - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csidrivers - verbs: - - get - - list - - watch - - apiGroups: - - config.openshift.io - resources: - - proxies - verbs: - - get - - list - - watch - - apiGroups: - - cdi.kubevirt.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - snapshot.storage.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - scheduling.k8s.io - resources: - - priorityclasses - verbs: - - get - - list - - watch - - apiGroups: - - image.openshift.io - resources: - - imagestreams - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - list - - watch - - apiGroups: - - kubevirt.io - resources: - - virtualmachines/finalizers - verbs: - - update \ No newline at end of file 
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-apiserver.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-apiserver.yaml.hbs deleted file mode 100644 index 5b5f918..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-apiserver.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-apiserver - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cdi-apiserver -subjects: - - kind: ServiceAccount - name: cdi-apiserver \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-deployment.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-deployment.yaml.hbs deleted file mode 100644 index 888abbc..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-deployment.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-deployment - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cdi-deployment -subjects: - - kind: ServiceAccount - name: cdi-sa \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-monitoring.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-monitoring.yaml.hbs deleted file mode 100644 index 21b8690..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-monitoring.yaml.hbs +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - prometheus.cdi.kubevirt.io: "true" - name: cdi-monitoring - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cdi-monitoring -subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: monitoring \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-uploadproxy.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-uploadproxy.yaml.hbs deleted file mode 100644 index d03038a..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_RoleBinding_cdi-uploadproxy.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-uploadproxy - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cdi-uploadproxy -subjects: - - kind: ServiceAccount - name: cdi-uploadproxy \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-apiserver.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-apiserver.yaml.hbs deleted file mode 100644 index 67696b9..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-apiserver.yaml.hbs +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-apiserver - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - '*' \ No newline at end of file 
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-deployment.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-deployment.yaml.hbs deleted file mode 100644 index 8858687..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-deployment.yaml.hbs +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-deployment - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-monitoring.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-monitoring.yaml.hbs deleted file mode 100644 index f138e18..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-monitoring.yaml.hbs +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - prometheus.cdi.kubevirt.io: "true" - name: cdi-monitoring - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch \ No newline at end of file 
diff --git a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-uploadproxy.yaml.hbs b/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-uploadproxy.yaml.hbs deleted file mode 100644 index e92207c..0000000 --- a/virt/cdi/rbac.authorization.k8s.io_v1_Role_cdi-uploadproxy.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-uploadproxy - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get \ No newline at end of file diff --git a/virt/cdi/scheduling.k8s.io_v1_PriorityClass_cdi-cluster-critical.yaml b/virt/cdi/scheduling.k8s.io_v1_PriorityClass_cdi-cluster-critical.yaml deleted file mode 100644 index 9cd0696..0000000 --- a/virt/cdi/scheduling.k8s.io_v1_PriorityClass_cdi-cluster-critical.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for KubeVirt core components only. -kind: PriorityClass -metadata: - name: cdi-cluster-critical -preemptionPolicy: PreemptLowerPriority -value: 1000000000 \ No newline at end of file diff --git a/virt/cdi/v1_ConfigMap_cdi-config.yaml.hbs b/virt/cdi/v1_ConfigMap_cdi-config.yaml.hbs deleted file mode 100644 index c6f1a97..0000000 --- a/virt/cdi/v1_ConfigMap_cdi-config.yaml.hbs +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - name: cdi-config - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/cdi/v1_ServiceAccount_cdi-apiserver.yaml.hbs b/virt/cdi/v1_ServiceAccount_cdi-apiserver.yaml.hbs deleted file mode 100644 index 030fc0d..0000000 --- a/virt/cdi/v1_ServiceAccount_cdi-apiserver.yaml.hbs +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-apiserver - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/cdi/v1_ServiceAccount_cdi-cronjob.yaml.hbs b/virt/cdi/v1_ServiceAccount_cdi-cronjob.yaml.hbs deleted file mode 100644 index f943218..0000000 --- a/virt/cdi/v1_ServiceAccount_cdi-cronjob.yaml.hbs +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-cronjob - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/cdi/v1_ServiceAccount_cdi-sa.yaml.hbs b/virt/cdi/v1_ServiceAccount_cdi-sa.yaml.hbs deleted file mode 100644 index f778c85..0000000 --- a/virt/cdi/v1_ServiceAccount_cdi-sa.yaml.hbs +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-sa - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/cdi/v1_ServiceAccount_cdi-uploadproxy.yaml.hbs b/virt/cdi/v1_ServiceAccount_cdi-uploadproxy.yaml.hbs deleted file mode 100644 index 1e72da4..0000000 --- a/virt/cdi/v1_ServiceAccount_cdi-uploadproxy.yaml.hbs +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - name: cdi-uploadproxy - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/cdi/v1_Service_cdi-api.yaml.hbs b/virt/cdi/v1_Service_cdi-api.yaml.hbs deleted file mode 100644 index 22cf0cc..0000000 --- a/virt/cdi/v1_Service_cdi-api.yaml.hbs +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: cdi-apiserver - name: cdi-api - namespace: "{{ namespace }}" -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - cdi.kubevirt.io: cdi-apiserver - sessionAffinity: None - type: ClusterIP \ No newline at end of file diff --git a/virt/cdi/v1_Service_cdi-prometheus-metrics.yaml.hbs b/virt/cdi/v1_Service_cdi-prometheus-metrics.yaml.hbs deleted file mode 100644 index 38fbd4c..0000000 --- a/virt/cdi/v1_Service_cdi-prometheus-metrics.yaml.hbs +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: "" - prometheus.cdi.kubevirt.io: "true" - name: cdi-prometheus-metrics - namespace: "{{ namespace }}" -spec: - ports: - - name: metrics - port: 8080 - protocol: TCP - targetPort: metrics - selector: - prometheus.cdi.kubevirt.io: "true" - sessionAffinity: None - type: ClusterIP \ No newline at end of file diff --git a/virt/cdi/v1_Service_cdi-uploadproxy.yaml.hbs b/virt/cdi/v1_Service_cdi-uploadproxy.yaml.hbs deleted file mode 100644 index 82055c0..0000000 --- a/virt/cdi/v1_Service_cdi-uploadproxy.yaml.hbs +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: storage - app.kubernetes.io/managed-by: cdi-operator - cdi.kubevirt.io: cdi-uploadproxy - name: cdi-uploadproxy - namespace: "{{ namespace }}" -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - cdi.kubevirt.io: cdi-uploadproxy - sessionAffinity: None - type: ClusterIP \ No newline at end of file 
diff --git a/virt/kubevirt/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_virt-api-mutator.yaml.hbs b/virt/kubevirt/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_virt-api-mutator.yaml.hbs deleted file mode 100644 index cfffd74..0000000 --- a/virt/kubevirt/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_virt-api-mutator.yaml.hbs +++ /dev/null 
@@ -1,124 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs" - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: virt-api-mutator - name: virt-api-mutator -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachines-mutate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachines-mutator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - reinvocationPolicy: Never - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachines - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineinstances-mutate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineinstances-mutator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - reinvocationPolicy: Never - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineinstances - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /migration-mutate-create - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: migrations-mutator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - reinvocationPolicy: Never - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - resources: - - virtualmachineinstancemigrations - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - 
admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /vm-clone-mutate-create - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineclones-mutator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - reinvocationPolicy: Never - rules: - - apiGroups: - - clone.kubevirt.io - apiVersions: - - v1alpha1 - operations: - - CREATE - resources: - - virtualmachineclones - scope: '*' - sideEffects: None - timeoutSeconds: 10 \ No newline at end of file diff --git a/virt/kubevirt/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_virt-api-validator.yaml.hbs b/virt/kubevirt/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_virt-api-validator.yaml.hbs deleted file mode 100644 index a0aa193..0000000 --- a/virt/kubevirt/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_virt-api-validator.yaml.hbs +++ /dev/null 
@@ -1,537 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs" - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: virt-api-validator - name: virt-api-validator -webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /launcher-eviction-validate - port: 443 - failurePolicy: Ignore - matchPolicy: Equivalent - name: virt-launcher-eviction-interceptor.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - '*' - resources: - - pods/eviction - scope: '*' - sideEffects: NoneOnDryRun - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineinstances-validate-create - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineinstances-create-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - resources: - - virtualmachineinstances - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineinstances-validate-update - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineinstances-update-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - UPDATE - resources: - - virtualmachineinstances - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - 
service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachines-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachine-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachines - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachinereplicaset-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachinereplicaset-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineinstancereplicasets - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachinepool-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachinepool-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - pool.kubevirt.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachinepools - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /vmipreset-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachinepreset-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineinstancepresets - scope: '*' - sideEffects: None - 
timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /migration-validate-create - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: migration-create-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - resources: - - virtualmachineinstancemigrations - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /migration-validate-update - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: migration-update-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - UPDATE - resources: - - virtualmachineinstancemigrations - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachinesnapshots-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachinesnapshot-validator.snapshot.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - snapshot.kubevirt.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachinesnapshots - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachinerestores-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachinerestore-validator.snapshot.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - snapshot.kubevirt.io - apiVersions: - - v1alpha1 - 
operations: - - CREATE - - UPDATE - resources: - - virtualmachinerestores - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineexports-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineexport-validator.export.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - export.kubevirt.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineexports - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineinstancetypes-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineinstancetype-validator.instancetype.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - instancetype.kubevirt.io - apiVersions: - - v1alpha1 - - v1alpha2 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineinstancetypes - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineclusterinstancetypes-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineclusterinstancetype-validator.instancetype.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - instancetype.kubevirt.io - apiVersions: - - v1alpha1 - - v1alpha2 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineclusterinstancetypes - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: 
/virtualmachinepreferences-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachinepreference-validator.instancetype.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - instancetype.kubevirt.io - apiVersions: - - v1alpha1 - - v1alpha2 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachinepreferences - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /virtualmachineclusterpreferences-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: virtualmachineclusterpreference-validator.instancetype.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - instancetype.kubevirt.io - apiVersions: - - v1alpha1 - - v1alpha2 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineclusterpreferences - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /status-validate - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: kubevirt-crd-status-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - kubevirt.io - apiVersions: - - v1alpha3 - - v1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachines/status - - virtualmachineinstancereplicasets/status - - virtualmachineinstancemigrations/status - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /migration-policy-validate-create - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: migration-policy-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - 
migrations.kubevirt.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - migrationpolicies - scope: '*' - sideEffects: None - timeoutSeconds: 10 - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: virt-api - namespace: "{{ namespace }}" - path: /vm-clone-validate-create - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: vm-clone-validator.kubevirt.io - namespaceSelector: {} - objectSelector: {} - rules: - - apiGroups: - - clone.kubevirt.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachineclones - scope: '*' - sideEffects: None - timeoutSeconds: 10 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1.subresources.kubevirt.io.yaml.hbs b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1.subresources.kubevirt.io.yaml.hbs deleted file mode 100644 index f7b3d15..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1.subresources.kubevirt.io.yaml.hbs +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs" - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: virt-api-aggregator - name: v1.subresources.kubevirt.io -spec: - group: subresources.kubevirt.io - groupPriorityMinimum: 1000 - service: - name: virt-api - namespace: "{{ namespace }}" - port: 443 - version: v1 - versionPriority: 15 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.clone.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.clone.kubevirt.io.yaml deleted file mode 100644 index ab3b97d..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.clone.kubevirt.io.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha1.clone.kubevirt.io -spec: - group: clone.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha1 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.export.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.export.kubevirt.io.yaml deleted file mode 100644 index 8663624..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.export.kubevirt.io.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha1.export.kubevirt.io -spec: - group: export.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha1 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.instancetype.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.instancetype.kubevirt.io.yaml deleted file mode 100644 index 0d51e3a..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.instancetype.kubevirt.io.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha1.instancetype.kubevirt.io -spec: - group: instancetype.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha1 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.migrations.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.migrations.kubevirt.io.yaml deleted file mode 100644 index f0b50c9..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.migrations.kubevirt.io.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha1.migrations.kubevirt.io -spec: - group: migrations.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha1 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.pool.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.pool.kubevirt.io.yaml deleted file mode 100644 index c11c317..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.pool.kubevirt.io.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha1.pool.kubevirt.io -spec: - group: pool.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha1 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.snapshot.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.snapshot.kubevirt.io.yaml deleted file mode 100644 index 02684a6..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha1.snapshot.kubevirt.io.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha1.snapshot.kubevirt.io -spec: - group: snapshot.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha1 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha2.instancetype.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha2.instancetype.kubevirt.io.yaml deleted file mode 100644 index 46bba33..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha2.instancetype.kubevirt.io.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1alpha2.instancetype.kubevirt.io -spec: - group: instancetype.kubevirt.io - groupPriorityMinimum: 1000 - version: v1alpha2 - versionPriority: 100 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha3.subresources.kubevirt.io.yaml.hbs b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha3.subresources.kubevirt.io.yaml.hbs deleted file mode 100644 index a3429ff..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1alpha3.subresources.kubevirt.io.yaml.hbs +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - annotations: - cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs" - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: virt-api-aggregator - name: v1alpha3.subresources.kubevirt.io -spec: - group: subresources.kubevirt.io - groupPriorityMinimum: 1000 - service: - name: virt-api - namespace: "{{ namespace }}" - port: 443 - version: v1alpha3 - versionPriority: 15 \ No newline at end of file diff --git a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1beta1.instancetype.kubevirt.io.yaml b/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1beta1.instancetype.kubevirt.io.yaml deleted file mode 100644 index 4f106de..0000000 --- a/virt/kubevirt/apiregistration.k8s.io_v1_APIService_v1beta1.instancetype.kubevirt.io.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - kube-aggregator.kubernetes.io/automanaged: "true" - name: v1beta1.instancetype.kubevirt.io -spec: - group: instancetype.kubevirt.io - groupPriorityMinimum: 1000 - version: v1beta1 - versionPriority: 100 \ No newline at end of file 
diff --git a/virt/kubevirt/apps_v1_DaemonSet_virt-handler.yaml.hbs b/virt/kubevirt/apps_v1_DaemonSet_virt-handler.yaml.hbs
deleted file mode 100644
index 50e4af4..0000000
--- a/virt/kubevirt/apps_v1_DaemonSet_virt-handler.yaml.hbs
+++ /dev/null
@@ -1,209 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - app.kubernetes.io/version: v1.0.1 - kubevirt.io: virt-handler - name: virt-handler - namespace: "{{ namespace }}" -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - kubevirt.io: virt-handler - template: - metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - app.kubernetes.io/version: v1.0.1 - kubevirt.io: virt-handler - prometheus.kubevirt.io: "true" - name: virt-handler - spec: - containers: - - args: - - --port - - "8443" - - --hostname-override - - $(NODE_NAME) - - --pod-ip-address - - $(MY_POD_IP) - - --max-metric-requests - - "3" - - --console-server-port - - "8186" - - --graceful-shutdown-seconds - - "315" - - -v - - "2" - command: - - virt-handler - env: - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: MY_POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - image: quay.io/kubevirt/virt-handler@sha256:138dfda5fea8622f3da0d6413fe214fef80c2fd6a6f9533592a0dbfa7e1865b5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 45 - successThreshold: 1 - timeoutSeconds: 10 - name: virt-handler - ports: - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 20 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 325Mi - securityContext: - privileged: true - seLinuxOptions: - level: s0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/virt-handler/clientcertificates - name: kubevirt-virt-handler-certs - readOnly: true 
- - mountPath: /etc/virt-handler/servercertificates - name: kubevirt-virt-handler-server-certs - readOnly: true - - mountPath: /profile-data - name: profile-data - - mountPath: /var/run/kubevirt-libvirt-runtimes - name: libvirt-runtimes - - mountPath: /var/run/kubevirt - mountPropagation: Bidirectional - name: virt-share-dir - - mountPath: /var/lib/kubevirt - name: virt-lib-dir - - mountPath: /var/run/kubevirt-private - name: virt-private-dir - - mountPath: /var/lib/kubelet/device-plugins - name: device-plugin - - mountPath: /pods - name: kubelet-pods-shortened - - mountPath: /var/lib/kubelet/pods - mountPropagation: Bidirectional - name: kubelet-pods - - mountPath: /var/lib/kubevirt-node-labeller - name: node-labeller - - mountPath: /etc/podinfo - name: podinfo - dnsPolicy: ClusterFirst - hostPID: true - initContainers: - - args: - - node-labeller.sh - command: - - /bin/sh - - -c - image: quay.io/kubevirt/virt-launcher@sha256:4c5fce3de2e2589197de72fb0c9436490ea318aca952c05a622c43e067023f35 - imagePullPolicy: IfNotPresent - name: virt-launcher - resources: {} - securityContext: - privileged: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/lib/kubevirt-node-labeller - name: node-labeller - nodeSelector: - kubernetes.io/os: linux - priorityClassName: kubevirt-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: kubevirt-handler - serviceAccountName: kubevirt-handler - terminationGracePeriodSeconds: 30 - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - name: kubevirt-virt-handler-certs - secret: - defaultMode: 420 - optional: true - secretName: kubevirt-virt-handler-certs - - name: kubevirt-virt-handler-server-certs - secret: - defaultMode: 420 - optional: true - secretName: kubevirt-virt-handler-server-certs - - emptyDir: {} - name: profile-data - - hostPath: - path: /var/run/kubevirt-libvirt-runtimes - 
type: "" - name: libvirt-runtimes - - hostPath: - path: /var/run/kubevirt - type: "" - name: virt-share-dir - - hostPath: - path: /var/lib/kubevirt - type: "" - name: virt-lib-dir - - hostPath: - path: /var/run/kubevirt-private - type: "" - name: virt-private-dir - - hostPath: - path: /var/lib/kubelet/device-plugins - type: "" - name: device-plugin - - hostPath: - path: /var/lib/kubelet/pods - type: "" - name: kubelet-pods-shortened - - hostPath: - path: /var/lib/kubelet/pods - type: "" - name: kubelet-pods - - hostPath: - path: /var/lib/kubevirt-node-labeller - type: "" - name: node-labeller - - downwardAPI: - defaultMode: 420 - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.annotations['k8s.v1.cni.cncf.io/network-status'] - path: network-status - name: podinfo - updateStrategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate \ No newline at end of file diff --git a/virt/kubevirt/apps_v1_Deployment_virt-api.yaml.hbs b/virt/kubevirt/apps_v1_Deployment_virt-api.yaml.hbs deleted file mode 100644 index 654513a..0000000 --- a/virt/kubevirt/apps_v1_Deployment_virt-api.yaml.hbs +++ /dev/null 
@@ -1,127 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - app.kubernetes.io/name: virt-api - app.kubernetes.io/version: v1.0.1 - kubevirt.io: virt-api - name: virt-api - namespace: "{{ namespace }}" -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - kubevirt.io: virt-api - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - app.kubernetes.io/version: v1.0.1 - kubevirt.io: virt-api - prometheus.kubevirt.io: "true" - name: virt-api - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: kubevirt.io - operator: In - values: - - virt-api - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - args: - - --port - - "8443" - - --console-server-port - - "8186" - - --subresources-only - - -v - - "2" - command: - - virt-api - image: quay.io/kubevirt/virt-api@sha256:707003b221496b4432da2f507d1e36e528b45888b5d321e06d460f0678da44ae - imagePullPolicy: IfNotPresent - name: virt-api - ports: - - containerPort: 8443 - name: virt-api - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /apis/subresources.kubevirt.io/v1/healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 5m - memory: 500Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/virt-api/certificates - name: 
kubevirt-virt-api-certs - readOnly: true - - mountPath: /etc/virt-handler/clientcertificates - name: kubevirt-virt-handler-certs - readOnly: true - - mountPath: /profile-data - name: profile-data - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: kubevirt-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccount: kubevirt-apiserver - serviceAccountName: kubevirt-apiserver - terminationGracePeriodSeconds: 30 - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - name: kubevirt-virt-api-certs - secret: - defaultMode: 420 - optional: true - secretName: kubevirt-virt-api-certs - - name: kubevirt-virt-handler-certs - secret: - defaultMode: 420 - optional: true - secretName: kubevirt-virt-handler-certs - - emptyDir: {} - name: profile-data \ No newline at end of file diff --git a/virt/kubevirt/apps_v1_Deployment_virt-controller.yaml.hbs b/virt/kubevirt/apps_v1_Deployment_virt-controller.yaml.hbs deleted file mode 100644 index 921421d..0000000 --- a/virt/kubevirt/apps_v1_Deployment_virt-controller.yaml.hbs +++ /dev/null 
@@ -1,135 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - app.kubernetes.io/name: virt-controller - app.kubernetes.io/version: v1.0.1 - kubevirt.io: virt-controller - name: virt-controller - namespace: "{{ namespace }}" -spec: - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - kubevirt.io: virt-controller - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - app.kubernetes.io/version: v1.0.1 - kubevirt.io: virt-controller - prometheus.kubevirt.io: "true" - name: virt-controller - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: kubevirt.io - operator: In - values: - - virt-controller - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - args: - - --launcher-image - - quay.io/kubevirt/virt-launcher@sha256:4c5fce3de2e2589197de72fb0c9436490ea318aca952c05a622c43e067023f35 - - --exporter-image - - quay.io/kubevirt/virt-exportserver@sha256:73311f79a9c71007f8572b3cc40cd6f6da404c7ef0a9c6509fb717d979546582 - - --port - - "8443" - - -v - - "2" - command: - - virt-controller - image: quay.io/kubevirt/virt-controller@sha256:0789fafed2913b35a771e3db882748502b3250be04ece86d97f30201779b4e54 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 8 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - name: virt-controller - ports: - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /leader - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - 
timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 275Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/virt-controller/certificates - name: kubevirt-controller-certs - readOnly: true - - mountPath: /etc/virt-controller/exportca - name: kubevirt-export-ca - readOnly: true - - mountPath: /profile-data - name: profile-data - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: kubevirt-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccount: kubevirt-controller - serviceAccountName: kubevirt-controller - terminationGracePeriodSeconds: 30 - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - name: kubevirt-controller-certs - secret: - defaultMode: 420 - optional: true - secretName: kubevirt-controller-certs - - name: kubevirt-export-ca - secret: - defaultMode: 420 - optional: true - secretName: kubevirt-export-ca - - emptyDir: {} - name: profile-data \ No newline at end of file diff --git a/virt/kubevirt/certs.tf b/virt/kubevirt/certs.tf deleted file mode 100644 index 195adf8..0000000 --- a/virt/kubevirt/certs.tf +++ /dev/null 
@@ -1,209 +0,0 @@ -resource "kubectl_manifest" "issuer" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "kubevirt-selfsigned" - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - selfSigned: {} - EOF -} -resource "kubectl_manifest" "kubevirt-ca-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: kubevirt-ca - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - isCA: true - duration: "${var.duration}" - commonName: "kubevirt-ca" - secretName: kubevirt-ca - issuerRef: - name: kubevirt-selfsigned - EOF -} -resource "kubectl_manifest" "kubevirt-export-ca-cert" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: kubevirt-export-ca - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} - spec: - isCA: true - duration: "${var.duration}" - commonName: "kubevirt-export-ca" - secretName: kubevirt-export-ca - issuerRef: - name: kubevirt-selfsigned - EOF -} -resource "kubectl_manifest" "kubevirt-export-ca" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "kubevirt-export-ca" - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - ca: - secretName: "kubevirt-export-ca" - EOF -} -resource "kubectl_manifest" "kubevirt-ca" { - yaml_body = <<-EOF - apiVersion: "cert-manager.io/v1" - kind: "Issuer" - metadata: - name: "kubevirt-ca" - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - ca: - secretName: "kubevirt-ca" - EOF -} -resource "kubectl_manifest" "kubevirt-virt-api-certs" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "kubevirt-virt-api-certs" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - virt-api - - virt-api.${var.namespace} - - 
virt-api.${var.namespace}.svc - - virt-api.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: kubevirt-ca - secretName: kubevirt-virt-api-certs - subject: - organizationalUnits: - - kubevirt-virt-api - EOF -} -resource "kubectl_manifest" "kubevirt-controller-certs" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "kubevirt-controller-certs" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - virt-controller - - virt-controller.${var.namespace} - - virt-controller.${var.namespace}.svc - - virt-controller.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: kubevirt-ca - secretName: kubevirt-controller-certs - subject: - organizationalUnits: - - kubevirt-virt-controller - EOF -} -resource "kubectl_manifest" "kubevirt-exportproxy-certs" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "kubevirt-exportproxy-certs" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - virt-exportproxy - - virt-exportproxy.${var.namespace} - - virt-exportproxy.${var.namespace}.svc - - virt-exportproxy.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: kubevirt-ca - secretName: kubevirt-exportproxy-certs - subject: - organizationalUnits: - - kubevirt-virt-controller - EOF -} -resource "kubectl_manifest" "kubevirt-operator-certs" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "kubevirt-operator-certs" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - kubevirt-operator-webhook - - kubevirt-operator-webhook.${var.namespace} - - kubevirt-operator-webhook.${var.namespace}.svc - - kubevirt-operator-webhook.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: kubevirt-ca - secretName: kubevirt-operator-certs - subject: - organizationalUnits: 
- - kubevirt-operator-webhook - EOF -} -resource "kubectl_manifest" "kubevirt-virt-handler-server-certs" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "kubevirt-virt-handler-server-certs" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - dnsNames: - - virt-handler - - virt-handler.${var.namespace} - - virt-handler.${var.namespace}.svc - - virt-handler.${var.namespace}.svc.cluster.local - issuerRef: - kind: Issuer - name: kubevirt-ca - secretName: kubevirt-virt-handler-server-certs - subject: - organizationalUnits: - - kubevirt-virt-handler - EOF -} -resource "kubectl_manifest" "kubevirt-virt-handler-certs" { - yaml_body = <<-EOF - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: "kubevirt-virt-handler-certs" - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - usages: - - digital signature - - client auth - commonName: "kubevirt-virt-handler-certs" - issuerRef: - kind: Issuer - name: kubevirt-ca - secretName: kubevirt-virt-handler-certs - subject: - organizationalUnits: - - kubevirt-virt-handler-certs - EOF -} diff --git a/virt/kubevirt/common.tf b/virt/kubevirt/common.tf new file mode 100644 index 0000000..ef3c93f --- /dev/null +++ b/virt/kubevirt/common.tf @@ -0,0 +1,12 @@ + +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } +} diff --git a/virt/kubevirt/cr_KubeVirt.tf b/virt/kubevirt/cr_KubeVirt.tf new file mode 100644 index 0000000..48aa743 --- /dev/null +++ b/virt/kubevirt/cr_KubeVirt.tf 
@@ -0,0 +1,20 @@ +resource "kubectl_manifest" "KubeVirt_kubevirt" { + yaml_body = <<-EOF + apiVersion: kubevirt.io/v1 + kind: KubeVirt + metadata: + name: kubevirt + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + labels: ${jsonencode(local.common-labels)} + spec: + certificateRotateStrategy: {} + configuration: + developerConfiguration: + featureGates: [] + customizeComponents: {} + imagePullPolicy: IfNotPresent + workloadUpdateStrategy: {} +EOF +} + diff --git a/virt/kubevirt/datas.tf b/virt/kubevirt/datas.tf deleted file mode 100644 index 5e1ced4..0000000 --- a/virt/kubevirt/datas.tf +++ /dev/null 
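Review bot: `certificateRotateStrategy: {}` in the new KubeVirt resource leaves certificate lifetimes and rotation to whatever virt-operator defaults to, and nothing in the file says so. The same commit deletes certs.tf and the `duration` option (default `87660h`) from index.yaml, so the lifetime that used to be set explicitly through cert-manager is no longer configured anywhere in the visible module. I would add a YAML comment above the field, for example `# certificates are issued and rotated by virt-operator; empty means operator defaults`. It is also worth deciding whether `spec.certificateRotateStrategy.selfSigned` should be driven by an option, so operators who relied on `duration` still have a knob.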
@@ -1,52 +0,0 @@ - -locals { - common-labels = { - "vynil.solidite.fr/owner-name" = var.instance - "vynil.solidite.fr/owner-namespace" = var.namespace - "vynil.solidite.fr/owner-category" = var.category - "vynil.solidite.fr/owner-component" = var.component - "app.kubernetes.io/managed-by" = "vynil" - "app.kubernetes.io/name" = var.component - "app.kubernetes.io/instance" = var.instance - } -} - -data "kustomization_overlay" "data" { - common_labels = local.common-labels - resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"] - images { - name = "quay.io/kubevirt/virt-handler" - new_name = "${var.images.handler.registry}/${var.images.handler.repository}" - new_tag = "${var.images.handler.tag}" - } - images { - name = "quay.io/kubevirt/virt-api" - new_name = "${var.images.api.registry}/${var.images.api.repository}" - new_tag = "${var.images.api.tag}" - } - images { - name = "quay.io/kubevirt/virt-controller" - new_name = "${var.images.controller.registry}/${var.images.controller.repository}" - new_tag = "${var.images.controller.tag}" - } - patches { - target { - kind = "Deployment" - name = "virt-controller" - } - patch = <<-EOF - - op: replace - path: /spec/template/spec/containers/0/imagePullPolicy - value: "${var.images.controller.pull_policy}" - - op: replace - path: /spec/template/spec/containers/0/image - value: "${var.images.controller.registry}/${var.images.controller.repository}:${var.images.controller.tag}" - - op: replace - path: /spec/template/spec/containers/0/args/1 - value: "${var.images.launcher.registry}/${var.images.launcher.repository}:${var.images.launcher.tag}" - - op: replace - path: /spec/template/spec/containers/0/args/3 - value: "${var.images.exportserver.registry}/${var.images.exportserver.repository}:${var.images.exportserver.tag}" - EOF - } -} diff --git a/virt/kubevirt/index.yaml b/virt/kubevirt/index.yaml index 19d7431..bc90b33 100644 --- a/virt/kubevirt/index.yaml +++ b/virt/kubevirt/index.yaml 
@@ -6,79 +6,26 @@ metadata: name: kubevirt description: null options: - duration: - default: 87660h - examples: - - 87660h - type: string images: default: - api: - registry: quay.io - repository: kubevirt/virt-api - tag: v1.2.0 - controller: + operator: pull_policy: IfNotPresent registry: quay.io - repository: kubevirt/virt-controller - tag: v1.2.0 - exportserver: - registry: quay.io - repository: kubevirt/virt-exportserver - tag: v1.2.0 - handler: - registry: quay.io - repository: kubevirt/virt-handler - tag: v1.2.0 - launcher: - registry: quay.io - repository: kubevirt/virt-launcher - tag: v1.2.0 + repository: kubevirt/virt-operator + tag: v1.3.1 examples: - - api: - registry: quay.io - repository: kubevirt/virt-api - tag: v1.2.0 - controller: + - operator: pull_policy: IfNotPresent registry: quay.io - repository: kubevirt/virt-controller - tag: v1.2.0 - exportserver: - registry: quay.io - repository: kubevirt/virt-exportserver - tag: v1.2.0 - handler: - registry: quay.io - repository: kubevirt/virt-handler - tag: v1.2.0 - launcher: - registry: quay.io - repository: kubevirt/virt-launcher - tag: v1.2.0 + repository: kubevirt/virt-operator + tag: v1.3.1 properties: - api: - default: - registry: quay.io - repository: kubevirt/virt-api - tag: v1.2.0 - properties: - registry: - default: quay.io - type: string - repository: - default: kubevirt/virt-api - type: string - tag: - default: v1.2.0 - type: string - type: object - controller: + operator: default: pull_policy: IfNotPresent registry: quay.io - repository: kubevirt/virt-controller - tag: v1.2.0 + repository: kubevirt/virt-operator + tag: v1.3.1 properties: pull_policy: default: IfNotPresent 
@@ -91,65 +38,14 @@ options: default: quay.io type: string repository: - default: kubevirt/virt-controller + default: kubevirt/virt-operator type: string tag: - default: v1.2.0 - type: string - type: object - exportserver: - default: - registry: quay.io - repository: kubevirt/virt-exportserver - tag: v1.2.0 - properties: - registry: - default: quay.io - type: string - repository: - default: kubevirt/virt-exportserver - type: string - tag: - default: v1.2.0 - type: string - type: object - handler: - default: - registry: quay.io - repository: kubevirt/virt-handler - tag: v1.2.0 - properties: - registry: - default: quay.io - type: string - repository: - default: kubevirt/virt-handler - type: string - tag: - default: v1.2.0 - type: string - type: object - launcher: - default: - registry: quay.io - repository: kubevirt/virt-launcher - tag: v1.2.0 - properties: - registry: - default: quay.io - type: string - repository: - default: kubevirt/virt-launcher - type: string - tag: - default: v1.2.0 + default: v1.3.1 type: string type: object type: object dependencies: -- dist: null - category: core - component: cert-manager - dist: null category: crd component: kubevirt diff --git a/virt/kubevirt/operator_PriorityClass.tf b/virt/kubevirt/operator_PriorityClass.tf new file mode 100644 index 0000000..bb8d7ed --- /dev/null +++ b/virt/kubevirt/operator_PriorityClass.tf @@ -0,0 +1,13 @@ +resource "kubectl_manifest" "PriorityClass_kubevirt-cluster-critical" { + yaml_body = <<-EOF + apiVersion: scheduling.k8s.io/v1 + kind: PriorityClass + metadata: + name: kubevirt-cluster-critical + labels: ${jsonencode(local.common-labels)} + value: 1000000000 + globalDefault: false + description: This priority class should be used for core kubevirt components only. +EOF +} + diff --git a/virt/kubevirt/operator_rbac.tf b/virt/kubevirt/operator_rbac.tf new file mode 100644 index 0000000..2777516 --- /dev/null +++ b/virt/kubevirt/operator_rbac.tf 
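Review bot: The new `kubevirt-cluster-critical` PriorityClass sets `value: 1000000000`, the highest value a user-defined class can take, and neither the manifest nor the module notes that Kubernetes does not by itself limit which pods may reference a PriorityClass. Any workload that names this class can preempt lower-priority pods unless a ResourceQuota scoped on PriorityClass or an admission policy restricts it. I would add a YAML comment above `value:` such as `# highest user-assignable priority; restrict use with a PriorityClass-scoped ResourceQuota`. The object is also cluster-scoped with a fixed name while carrying the per-instance `local.common-labels`, so two installs of this component would presumably manage the same object; that deserves a line in the same comment.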
@@ -0,0 +1,1269 @@ +resource "kubectl_manifest" "RoleBinding_kubevirt-operator-rolebinding" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: ${jsonencode(local.common-labels)} + name: kubevirt-operator-rolebinding + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubevirt-operator + subjects: + - kind: ServiceAccount + name: kubevirt-operator + namespace: ${var.namespace} +EOF +} + +resource "kubectl_manifest" "Role_kubevirt-operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: ${jsonencode(local.common-labels)} + name: kubevirt-operator + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + rules: + - apiGroups: + - '' + resourceNames: + - kubevirt-ca + - kubevirt-export-ca + - kubevirt-virt-handler-certs + - kubevirt-virt-handler-server-certs + - kubevirt-operator-certs + - kubevirt-virt-api-certs + - kubevirt-controller-certs + - kubevirt-exportproxy-certs + resources: + - secrets + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - '' + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - watch + - apiGroups: + - '' + resources: + - secrets + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io 
+ resources: + - ingresses + verbs: + - list + - get + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - '' + resourceNames: + - kubevirt-export-ca + resources: + - configmaps + verbs: + - get + - list + - watch +EOF +} + +resource "kubectl_manifest" "ServiceAccount_kubevirt-operator" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: ${jsonencode(local.common-labels)} + name: kubevirt-operator + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} +EOF +} + +resource "kubectl_manifest" "ClusterRole_kubevirt_io_operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: kubevirt.io:operator + labels: ${jsonencode(local.common-labels)} + rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +EOF +} + +resource "kubectl_manifest" "ClusterRole_kubevirt-operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: ${jsonencode(local.common-labels)} + name: kubevirt-operator + rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - patch + - update + - patch + - apiGroups: + - '' + resources: + - serviceaccounts + - services + - endpoints + - pods/exec + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - '' + resources: + - configmaps + verbs: + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - watch + - list + - create + - delete + - patch + 
- apiGroups: + - apps + resources: + - deployments + - daemonsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - get + - list + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - get + - patch + - update + - apiGroups: + - security.openshift.io + resourceNames: + - kubevirt-handler + - kubevirt-controller + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + - validatingadmissionpolicybindings + - validatingadmissionpolicies + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - list + - watch + - patch + - apiGroups: + - '' + resources: + - pods + verbs: + - get + - list + - delete + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get 
+ - apiGroups: + - kubevirt.io + resources: + - virtualmachines/status + verbs: + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - create + - get + - list + - watch + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancepresets + verbs: + - watch + - list + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - limitranges + verbs: + - watch + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinerestores + - virtualmachinesnapshotcontents + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - datasources + - datavolumes + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - list + - get + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - list + - watch + - patch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - delete + - create + - patch + - apiGroups: + - '' + resources: + - pods + - configmaps + - endpoints + - services + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - '' + resources: + - events + verbs: + - update + - 
create + - patch + - apiGroups: + - '' + resources: + - secrets + verbs: + - create + - apiGroups: + - '' + resources: + - pods/finalizers + verbs: + - update + - apiGroups: + - '' + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - '' + resources: + - pods/status + verbs: + - patch + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - list + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - watch + - list + - create + - delete + - get + - update + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - snapshot.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - export.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + - virtualmachinepools/finalizers + - virtualmachinepools/status + - virtualmachinepools/scale + verbs: + - watch + - list + - create + - delete + - update + - patch + - get + - apiGroups: + - kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - 
snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + - virtualmachineclones/status + - virtualmachineclones/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - apiGroups: + - '' + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstances + verbs: + - update + - list + - watch + - apiGroups: + - '' + resources: + - nodes + verbs: + - patch + - list + - watch + - get + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + 
verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - version + - guestfs + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/pause + - virtualmachineinstances/unpause + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - delete + - 
create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/pause + - virtualmachineinstances/unpause + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - 
virtualmachines/portforward + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - 
virtualmachines/expand-spec + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineclusterinstancetypes + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +EOF +} + +resource "kubectl_manifest" "ClusterRoleBinding_kubevirt-operator" { + yaml_body = <<-EOF + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + 
labels: ${jsonencode(local.common-labels)} + name: kubevirt-operator + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubevirt-operator + subjects: + - kind: ServiceAccount + name: kubevirt-operator + namespace: ${var.namespace} +EOF +} + diff --git a/virt/kubevirt/operator_workload.tf b/virt/kubevirt/operator_workload.tf new file mode 100644 index 0000000..4034ed1 --- /dev/null +++ b/virt/kubevirt/operator_workload.tf 
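Review bot: `ClusterRole_kubevirt-operator` has no comment explaining why it grants write access to `clusterroles`/`clusterrolebindings`, `pods/exec`, the webhook configurations and the `privileged` SCC, plus `'*'` verbs on `kubevirt.io`, `cdi.kubevirt.io`, `snapshot.kubevirt.io` and `export.kubevirt.io`. Bound to the `kubevirt-operator` ServiceAccount through `ClusterRoleBinding_kubevirt-operator`, this is close to cluster-admin. The rule list looks like a union of the per-component roles the operator installs (many rules repeat, and the first `kubevirts` rule lists `patch` twice), presumably because RBAC escalation checks require the operator to hold whatever it grants. If that is the reason, record it in a header comment such as `# Superset of the component roles virt-operator creates; taken from the upstream manifest, do not hand-edit.` In `Role_kubevirt-operator`, the `resourceNames` list on the first `secrets` rule does not limit reads, because a later rule grants `list`, `get` and `watch` on all secrets in `${var.namespace}`; a comment there should say so, so that the namespace is treated as operator-only.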
@@ -0,0 +1,108 @@ +resource "kubectl_manifest" "Deployment_virt-operator" { + yaml_body = <<-EOF + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: ${jsonencode(local.common-labels)} + name: virt-operator + namespace: ${var.namespace} + ownerReferences: ${jsonencode(var.install_owner)} + spec: + replicas: 1 + selector: + matchLabels: + kubevirt.io: virt-operator + strategy: + type: RollingUpdate + template: + metadata: + labels: + kubevirt.io: virt-operator + name: virt-operator + prometheus.kubevirt.io: 'true' + name: virt-operator + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: kubevirt.io + operator: In + values: + - virt-operator + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - --port + - '8443' + - -v + - '2' + command: + - virt-operator + env: + - name: VIRT_OPERATOR_IMAGE + value: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag} + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: KUBEVIRT_VERSION + value: ${var.images.operator.tag} + image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag} + imagePullPolicy: ${var.images.operator.pull_policy} + name: virt-operator + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 8444 + name: webhooks + protocol: TCP + readinessProbe: + httpGet: + path: /metrics + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + timeoutSeconds: 10 + resources: + requests: + cpu: 10m + memory: 450Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/virt-operator/certificates + name: kubevirt-operator-certs + readOnly: true + - mountPath: /profile-data + name: profile-data + nodeSelector: + 
kubernetes.io/os: linux + priorityClassName: kubevirt-cluster-critical + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: kubevirt-operator + tolerations: + - key: CriticalAddonsOnly + operator: Exists + volumes: + - name: kubevirt-operator-certs + secret: + optional: true + secretName: kubevirt-operator-certs + - emptyDir: {} + name: profile-data +EOF +} + diff --git a/virt/kubevirt/policy_v1_PodDisruptionBudget_virt-controller-pdb.yaml.hbs b/virt/kubevirt/policy_v1_PodDisruptionBudget_virt-controller-pdb.yaml.hbs deleted file mode 100644 index b7573a4..0000000 --- a/virt/kubevirt/policy_v1_PodDisruptionBudget_virt-controller-pdb.yaml.hbs +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: virt-controller-pdb - name: virt-controller-pdb - namespace: "{{ namespace }}" -spec: - minAvailable: 1 - selector: - matchLabels: - kubevirt.io: virt-controller \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-apiserver-auth-delegator.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-apiserver-auth-delegator.yaml.hbs deleted file mode 100644 index 13b48d3..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-apiserver-auth-delegator.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-apiserver-auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: kubevirt-apiserver - namespace: "{{ namespace }}" \ No newline at end of file 
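Review bot: The `image:` line resolves the operator by mutable tag (`${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}`) with `pull_policy` defaulting to `IfNotPresent`, so what runs under the highly privileged `kubevirt-operator` ServiceAccount is whatever the tag pointed at when a node first pulled it. Pinning by digest would make the deployed image verifiable, e.g. `image: ${var.images.operator.registry}/${var.images.operator.repository}@${var.images.operator.digest}`. `digest` is not an existing option and would have to be added to the package's `images` schema, and `VIRT_OPERATOR_IMAGE` should be checked against how the operator derives the component images before it is changed the same way. Separately, the interpolated scalars are unquoted, so `value: ${var.images.operator.tag}` stops being a YAML string for a tag such as `1.3`; `value: "${var.images.operator.tag}"` avoids that.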
diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-apiserver.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-apiserver.yaml.hbs deleted file mode 100644 index 5a5b168..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-apiserver.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-apiserver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubevirt-apiserver -subjects: - - kind: ServiceAccount - name: kubevirt-apiserver - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-controller.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-controller.yaml.hbs deleted file mode 100644 index 3824594..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-controller.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubevirt-controller -subjects: - - kind: ServiceAccount - name: kubevirt-controller - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-exportproxy.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-exportproxy.yaml.hbs deleted file mode 100644 index 160e5b0..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-exportproxy.yaml.hbs +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-exportproxy -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubevirt-exportproxy -subjects: - - kind: ServiceAccount - name: kubevirt-exportproxy - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-handler.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-handler.yaml.hbs deleted file mode 100644 index 20aeaa0..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt-handler.yaml.hbs +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-handler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubevirt-handler -subjects: - - kind: ServiceAccount - name: kubevirt-handler - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt.io:default.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt.io:default.yaml deleted file mode 100644 index b1ef062..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRoleBinding_kubevirt.io:default.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt.io:default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubevirt.io:default -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:authenticated - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:unauthenticated \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_instancetype.kubevirt.io:view.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_instancetype.kubevirt.io:view.yaml deleted file mode 100644 index d8e69d7..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_instancetype.kubevirt.io:view.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - name: instancetype.kubevirt.io:view -rules: - - apiGroups: - - instancetype.kubevirt.io - resources: - - virtualmachineclusterinstancetypes - - virtualmachineclusterpreferences - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-apiserver.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-apiserver.yaml deleted file mode 100644 index 4d82c73..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-apiserver.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-apiserver -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - delete - - patch - - apiGroups: - - kubevirt.io - resources: - - virtualmachines - - virtualmachineinstances - verbs: - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - apiGroups: - - kubevirt.io - resources: - - virtualmachines/status - verbs: - - patch - - apiGroups: - - kubevirt.io - resources: - - virtualmachineinstancemigrations - verbs: - - create - - get - - list - - watch - - patch - - apiGroups: - - kubevirt.io - resources: - - virtualmachineinstancepresets - verbs: - - watch - - list - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - limitranges - verbs: - - watch - - list - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - kubevirt.io - resources: - - kubevirts - verbs: - - get - - list - - watch - - apiGroups: - - snapshot.kubevirt.io - resources: - - virtualmachinesnapshots - - virtualmachinerestores - - virtualmachinesnapshotcontents - verbs: - - get - - list - - watch - - apiGroups: - - cdi.kubevirt.io - resources: - - datasources - - datavolumes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - instancetype.kubevirt.io - resources: - - virtualmachineinstancetypes - - virtualmachineclusterinstancetypes - - virtualmachinepreferences - - virtualmachineclusterpreferences - verbs: - - get - - list - - watch - - apiGroups: - - migrations.kubevirt.io - resources: - - migrationpolicies - verbs: - - get - - list - - watch - - 
apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - create - - list - - get \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-controller.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-controller.yaml deleted file mode 100644 index 76e0776..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-controller.yaml +++ /dev/null 
@@ -1,258 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-controller -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - patch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - delete - - create - - patch - - apiGroups: - - "" - resources: - - pods - - configmaps - - endpoints - - services - verbs: - - get - - list - - watch - - delete - - update - - create - - patch - - apiGroups: - - "" - resources: - - events - verbs: - - update - - create - - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - apiGroups: - - "" - resources: - - pods/finalizers - verbs: - - update - - apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create - - apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - update - - patch - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - list - - apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - watch - - list - - create - - delete - - get - - update - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - apiGroups: - - snapshot.kubevirt.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - export.kubevirt.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - pool.kubevirt.io - resources: - - virtualmachinepools - - virtualmachinepools/finalizers - - virtualmachinepools/status - - virtualmachinepools/scale - verbs: - - watch - - list - - create - - delete - - update - - patch - - get - - apiGroups: - - kubevirt.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - subresources.kubevirt.io - resources: - - 
virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - - virtualmachineinstances/freeze - - virtualmachineinstances/unfreeze - - virtualmachineinstances/softreboot - verbs: - - update - - apiGroups: - - cdi.kubevirt.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - k8s.cni.cncf.io - resources: - - network-attachment-definitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - instancetype.kubevirt.io - resources: - - virtualmachineinstancetypes - - virtualmachineclusterinstancetypes - - virtualmachinepreferences - - virtualmachineclusterpreferences - verbs: - - get - - list - - watch - - apiGroups: - - migrations.kubevirt.io - resources: - - migrationpolicies - verbs: - - get - - list - - watch - - apiGroups: - - clone.kubevirt.io - resources: - - virtualmachineclones - - virtualmachineclones/status - - virtualmachineclones/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - resourcequotas - verbs: - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-exportproxy.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-exportproxy.yaml deleted file mode 100644 index 56519ca..0000000 
--- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-exportproxy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-exportproxy -rules: - - apiGroups: - - export.kubevirt.io - resources: - - virtualmachineexports - verbs: - - get - - list - - watch - - apiGroups: - - kubevirt.io - resources: - - kubevirts - verbs: - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-handler.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-handler.yaml deleted file mode 100644 index 2575202..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt-handler.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-handler -rules: - - apiGroups: - - kubevirt.io - resources: - - virtualmachineinstances - verbs: - - update - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - patch - - list - - watch - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - kubevirt.io - resources: - - kubevirts - verbs: - - get - - list - - watch - - apiGroups: - - migrations.kubevirt.io - resources: - - migrationpolicies - verbs: - - get - - list - - watch \ No newline at end of file 
diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:admin.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:admin.yaml deleted file mode 100644 index 1fe8634..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:admin.yaml +++ /dev/null 
@@ -1,155 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: kubevirt.io:admin -rules: - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachineinstances/console - - virtualmachineinstances/vnc - - virtualmachineinstances/vnc/screenshot - - virtualmachineinstances/portforward - - virtualmachineinstances/guestosinfo - - virtualmachineinstances/filesystemlist - - virtualmachineinstances/userlist - verbs: - - get - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachineinstances/pause - - virtualmachineinstances/unpause - - virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - - virtualmachineinstances/freeze - - virtualmachineinstances/unfreeze - - virtualmachineinstances/softreboot - verbs: - - update - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachines/expand-spec - - virtualmachines/portforward - verbs: - - get - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachines/start - - virtualmachines/stop - - virtualmachines/restart - - virtualmachines/addvolume - - virtualmachines/removevolume - - virtualmachines/migrate - - virtualmachines/memorydump - - virtualmachines/addinterface - verbs: - - update - - apiGroups: - - subresources.kubevirt.io - resources: - - expand-vm-spec - verbs: - - update - - apiGroups: - - kubevirt.io - resources: - - virtualmachines - - virtualmachineinstances - - virtualmachineinstancepresets - - virtualmachineinstancereplicasets - - virtualmachineinstancemigrations - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - deletecollection - - apiGroups: - - snapshot.kubevirt.io - resources: - - virtualmachinesnapshots - - virtualmachinesnapshotcontents - - virtualmachinerestores - verbs: - - get - - delete - - 
create - - update - - patch - - list - - watch - - deletecollection - - apiGroups: - - export.kubevirt.io - resources: - - virtualmachineexports - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - deletecollection - - apiGroups: - - clone.kubevirt.io - resources: - - virtualmachineclones - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - deletecollection - - apiGroups: - - instancetype.kubevirt.io - resources: - - virtualmachineinstancetypes - - virtualmachineclusterinstancetypes - - virtualmachinepreferences - - virtualmachineclusterpreferences - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - deletecollection - - apiGroups: - - pool.kubevirt.io - resources: - - virtualmachinepools - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - deletecollection - - apiGroups: - - migrations.kubevirt.io - resources: - - migrationpolicies - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:default.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:default.yaml deleted file mode 100644 index e4008d5..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:default.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubernetes.io/bootstrapping: rbac-defaults - kubevirt.io: "" - name: kubevirt.io:default -rules: - - apiGroups: - - subresources.kubevirt.io - resources: - - version - - guestfs - verbs: - - get - - list \ No newline at end of file 
diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:edit.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:edit.yaml deleted file mode 100644 index 464bacc..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:edit.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: kubevirt.io:edit -rules: - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachineinstances/console - - virtualmachineinstances/vnc - - virtualmachineinstances/vnc/screenshot - - virtualmachineinstances/portforward - - virtualmachineinstances/guestosinfo - - virtualmachineinstances/filesystemlist - - virtualmachineinstances/userlist - verbs: - - get - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachineinstances/pause - - virtualmachineinstances/unpause - - virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - - virtualmachineinstances/freeze - - virtualmachineinstances/unfreeze - - virtualmachineinstances/softreboot - verbs: - - update - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachines/expand-spec - - virtualmachines/portforward - verbs: - - get - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachines/start - - virtualmachines/stop - - virtualmachines/restart - - virtualmachines/addvolume - - virtualmachines/removevolume - - virtualmachines/migrate - - virtualmachines/memorydump - - virtualmachines/addinterface - verbs: - - update - - apiGroups: - - subresources.kubevirt.io - resources: - - expand-vm-spec - verbs: - - update - - apiGroups: - - kubevirt.io - resources: - - virtualmachines - - virtualmachineinstances - - virtualmachineinstancepresets - - virtualmachineinstancereplicasets - - virtualmachineinstancemigrations - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - apiGroups: - - snapshot.kubevirt.io - resources: - - virtualmachinesnapshots - - virtualmachinesnapshotcontents - - virtualmachinerestores - verbs: - - get - - delete - - create - - update - - 
patch - - list - - watch - - apiGroups: - - export.kubevirt.io - resources: - - virtualmachineexports - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - apiGroups: - - clone.kubevirt.io - resources: - - virtualmachineclones - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - apiGroups: - - instancetype.kubevirt.io - resources: - - virtualmachineinstancetypes - - virtualmachineclusterinstancetypes - - virtualmachinepreferences - - virtualmachineclusterpreferences - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - apiGroups: - - pool.kubevirt.io - resources: - - virtualmachinepools - verbs: - - get - - delete - - create - - update - - patch - - list - - watch - - apiGroups: - - kubevirt.io - resources: - - kubevirts - verbs: - - get - - list - - apiGroups: - - migrations.kubevirt.io - resources: - - migrationpolicies - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:view.yaml b/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:view.yaml deleted file mode 100644 index 71ca50c..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_ClusterRole_kubevirt.io:view.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: kubevirt.io:view -rules: - - apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachines/expand-spec - - virtualmachineinstances/guestosinfo - - virtualmachineinstances/filesystemlist - - virtualmachineinstances/userlist - verbs: - - get - - apiGroups: - - subresources.kubevirt.io - resources: - - expand-vm-spec - verbs: - - update - - apiGroups: - - kubevirt.io - resources: - - virtualmachines - - virtualmachineinstances - - virtualmachineinstancepresets - - virtualmachineinstancereplicasets - - virtualmachineinstancemigrations - verbs: - - get - - list - - watch - - apiGroups: - - snapshot.kubevirt.io - resources: - - virtualmachinesnapshots - - virtualmachinesnapshotcontents - - virtualmachinerestores - verbs: - - get - - list - - watch - - apiGroups: - - export.kubevirt.io - resources: - - virtualmachineexports - verbs: - - get - - list - - watch - - apiGroups: - - clone.kubevirt.io - resources: - - virtualmachineclones - verbs: - - get - - list - - watch - - apiGroups: - - instancetype.kubevirt.io - resources: - - virtualmachineinstancetypes - - virtualmachineclusterinstancetypes - - virtualmachinepreferences - - virtualmachineclusterpreferences - verbs: - - get - - list - - watch - - apiGroups: - - pool.kubevirt.io - resources: - - virtualmachinepools - verbs: - - get - - list - - watch - - apiGroups: - - migrations.kubevirt.io - resources: - - migrationpolicies - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-apiserver.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-apiserver.yaml.hbs deleted file mode 100644 index 3707231..0000000 
--- a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-apiserver.yaml.hbs +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-apiserver - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubevirt-apiserver -subjects: - - kind: ServiceAccount - name: kubevirt-apiserver - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-controller.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-controller.yaml.hbs deleted file mode 100644 index 414edb1..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-controller.yaml.hbs +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-controller - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubevirt-controller -subjects: - - kind: ServiceAccount - name: kubevirt-controller - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-exportproxy.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-exportproxy.yaml.hbs deleted file mode 100644 index 39eb30d..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-exportproxy.yaml.hbs +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-exportproxy - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubevirt-exportproxy -subjects: - - kind: ServiceAccount - name: kubevirt-exportproxy - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-handler.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-handler.yaml.hbs deleted file mode 100644 index a868995..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_RoleBinding_kubevirt-handler.yaml.hbs +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-handler - namespace: "{{ namespace }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubevirt-handler -subjects: - - kind: ServiceAccount - name: kubevirt-handler - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-apiserver.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-apiserver.yaml.hbs deleted file mode 100644 index ad660e3..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-apiserver.yaml.hbs +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-apiserver - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch \ No newline at end of file 
diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-controller.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-controller.yaml.hbs deleted file mode 100644 index 1e60f89..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-controller.yaml.hbs +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-controller - namespace: "{{ namespace }}" -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - list - - get - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - list - - get - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - list - - get - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - delete - - update - - create - - patch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-exportproxy.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-exportproxy.yaml.hbs deleted file mode 100644 index 043e071..0000000 --- a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-exportproxy.yaml.hbs +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-exportproxy - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resourceNames: - - kubevirt-export-ca - resources: - - configmaps - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-handler.yaml.hbs b/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-handler.yaml.hbs deleted file mode 100644 index 379a947..0000000 
--- a/virt/kubevirt/rbac.authorization.k8s.io_v1_Role_kubevirt-handler.yaml.hbs +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-handler - namespace: "{{ namespace }}" -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/virt/kubevirt/scheduling.k8s.io_v1_PriorityClass_kubevirt-cluster-critical.yaml b/virt/kubevirt/scheduling.k8s.io_v1_PriorityClass_kubevirt-cluster-critical.yaml deleted file mode 100644 index ac3e1b7..0000000 --- a/virt/kubevirt/scheduling.k8s.io_v1_PriorityClass_kubevirt-cluster-critical.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for KubeVirt core components only. -kind: PriorityClass -metadata: - name: kubevirt-cluster-critical -preemptionPolicy: PreemptLowerPriority -value: 1000000000 \ No newline at end of file diff --git a/virt/kubevirt/v1_ServiceAccount_kubevirt-apiserver.yaml.hbs b/virt/kubevirt/v1_ServiceAccount_kubevirt-apiserver.yaml.hbs deleted file mode 100644 index f95f66d..0000000 --- a/virt/kubevirt/v1_ServiceAccount_kubevirt-apiserver.yaml.hbs +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-apiserver - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/v1_ServiceAccount_kubevirt-controller.yaml.hbs b/virt/kubevirt/v1_ServiceAccount_kubevirt-controller.yaml.hbs deleted file mode 100644 index 0dfc389..0000000 --- a/virt/kubevirt/v1_ServiceAccount_kubevirt-controller.yaml.hbs +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-controller - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/v1_ServiceAccount_kubevirt-exportproxy.yaml.hbs b/virt/kubevirt/v1_ServiceAccount_kubevirt-exportproxy.yaml.hbs deleted file mode 100644 index 352204a..0000000 --- a/virt/kubevirt/v1_ServiceAccount_kubevirt-exportproxy.yaml.hbs +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-exportproxy - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/v1_ServiceAccount_kubevirt-handler.yaml.hbs b/virt/kubevirt/v1_ServiceAccount_kubevirt-handler.yaml.hbs deleted file mode 100644 index 5e87736..0000000 --- a/virt/kubevirt/v1_ServiceAccount_kubevirt-handler.yaml.hbs +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - name: kubevirt-handler - namespace: "{{ namespace }}" \ No newline at end of file diff --git a/virt/kubevirt/v1_Service_kubevirt-operator-webhook.yaml.hbs b/virt/kubevirt/v1_Service_kubevirt-operator-webhook.yaml.hbs deleted file mode 100644 index 82b1598..0000000 --- a/virt/kubevirt/v1_Service_kubevirt-operator-webhook.yaml.hbs +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - prometheus.kubevirt.io: "true" - name: kubevirt-operator-webhook - namespace: "{{ namespace }}" -spec: - ports: - - name: webhooks - port: 443 - protocol: TCP - targetPort: webhooks - selector: - kubevirt.io: virt-operator - sessionAffinity: None - type: ClusterIP \ No newline at end of file diff --git a/virt/kubevirt/v1_Service_kubevirt-prometheus-metrics.yaml.hbs b/virt/kubevirt/v1_Service_kubevirt-prometheus-metrics.yaml.hbs deleted file mode 100644 index 16e530f..0000000 --- a/virt/kubevirt/v1_Service_kubevirt-prometheus-metrics.yaml.hbs +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: "" - prometheus.kubevirt.io: "true" - name: kubevirt-prometheus-metrics - namespace: "{{ namespace }}" -spec: - ports: - - name: metrics - port: 443 - protocol: TCP - targetPort: metrics - selector: - prometheus.kubevirt.io: "true" - sessionAffinity: None - type: ClusterIP \ No newline at end of file diff --git a/virt/kubevirt/v1_Service_virt-api.yaml.hbs b/virt/kubevirt/v1_Service_virt-api.yaml.hbs deleted file mode 100644 index 5c8f61c..0000000 --- a/virt/kubevirt/v1_Service_virt-api.yaml.hbs +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubevirt - app.kubernetes.io/managed-by: virt-operator - kubevirt.io: virt-api - name: virt-api - namespace: "{{ namespace }}" -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - kubevirt.io: virt-api - sessionAffinity: None - type: ClusterIP \ No newline at end of file diff --git a/virt/kubevirt/v1_Service_virt-exportproxy.yaml.hbs b/virt/kubevirt/v1_Service_virt-exportproxy.yaml.hbs deleted file mode 100644 index 1af1d21..0000000 
--- a/virt/kubevirt/v1_Service_virt-exportproxy.yaml.hbs
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: kubevirt
- app.kubernetes.io/managed-by: virt-operator
- kubevirt.io: virt-exportproxy
- name: virt-exportproxy
- namespace: "{{ namespace }}"
-spec:
- ports:
- - port: 443
- protocol: TCP
- targetPort: 8443
- selector:
- kubevirt.io: virt-exportproxy
- sessionAffinity: None
- type: ClusterIP
\ No newline at end of file
diff --git a/virt/multus/common.tf b/virt/multus/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/virt/multus/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/virt/multus/index.yaml b/virt/multus/index.yaml
new file mode 100644
index 0000000..b6b9a94
--- /dev/null
+++ b/virt/multus/index.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: virt
+metadata:
+ name: multus
+ description: a CNI plugin capable of allocating several networks to pods
+options:
+ cni:
+ default:
+ bin_dir: /opt/cni/bin
+ conf_dir: /etc/cni/net.d
+ examples:
+ - bin_dir: /opt/cni/bin
+ conf_dir: /etc/cni/net.d
+ properties:
+ bin_dir:
+ default: /opt/cni/bin
+ description: use /var/lib/rancher/k3s/data/current/bin for k3s
+ type: string
+ conf_dir:
+ default: /etc/cni/net.d
+ description: use /var/lib/rancher/k3s/agent/etc/cni/net.d for k3s
+ type: string
+ type: object
+ images:
+ default:
+ operator:
+ pull_policy: IfNotPresent
+ registry: ghcr.io
+ repository: k8snetworkplumbingwg/multus-cni
+ tag: v3.9.3
+ examples:
+ - operator:
+ pull_policy: IfNotPresent
+ registry: ghcr.io
+ repository: k8snetworkplumbingwg/multus-cni
+ tag: v3.9.3
+ properties:
+ operator:
+ default:
+ pull_policy: IfNotPresent
+ registry: ghcr.io
+ repository: k8snetworkplumbingwg/multus-cni
+ tag: v3.9.3
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: ghcr.io
+ type: string
+ repository:
+ default: k8snetworkplumbingwg/multus-cni
+ type: string
+ tag:
+ default: v3.9.3
+ type: string
+ type: object
+ type: object
+dependencies:
+- dist: null
+ category: crd
+ component: multus
+providers:
+ kubernetes: true
+ authentik: null
+ kubectl: true
+ postgresql: null
+ mysql: null
+ restapi: null
+ http: null
+ gitea: null
+tfaddtype: null
diff --git a/virt/multus/multus_ConfigMap.tf b/virt/multus/multus_ConfigMap.tf
new file mode 100644
index 0000000..4f10ef4
--- /dev/null
+++ b/virt/multus/multus_ConfigMap.tf
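Review bot: The `cni.bin_dir` and `cni.conf_dir` options are described only by their k3s value (`use /var/lib/rancher/k3s/data/current/bin for k3s`), which says neither what the directory holds nor that it is a path on the node. multus_workload.tf in this commit uses both values as `hostPath` volumes of a privileged DaemonSet, so the descriptions should state that, for example `description: host directory holding the CNI plugin binaries (k3s: /var/lib/rancher/k3s/data/current/bin)` and `description: host directory holding the CNI configuration (k3s: /var/lib/rancher/k3s/agent/etc/cni/net.d)`. If the option schema honours a JSON-schema `pattern`, restricting both to absolute paths would reject empty or relative values before they reach a `hostPath`; whether it does is not visible in this hunk.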
@@ -0,0 +1,44 @@
+resource "kubectl_manifest" "ConfigMap_multus-cni-config" {
+ yaml_body = <<-EOF
+ kind: ConfigMap
+ apiVersion: v1
+ metadata:
+ name: multus-cni-config
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ data:
+ cni-conf.json: |-
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "capabilities": {
+ "portMappings": true
+ },
+ "delegates": [
+ {
+ "cniVersion": "0.3.1",
+ "name": "default-cni-network",
+ "plugins": [
+ {
+ "type": "flannel",
+ "name": "flannel.1",
+ "delegate": {
+ "isDefaultGateway": true,
+ "hairpinMode": true
+ }
+ },
+ {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ }
+ ]
+ }
+ ],
+ "kubeconfig": "${var.cni.conf_dir}/multus.d/multus.kubeconfig"
+ }
+EOF
+}
+
diff --git a/virt/multus/multus_rbac.tf b/virt/multus/multus_rbac.tf
new file mode 100644
index 0000000..e217c92
--- /dev/null
+++ b/virt/multus/multus_rbac.tf
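Review bot: The delegate list in `cni-conf.json` hard-codes flannel (`"type": "flannel"`, `"name": "flannel.1"`) as the primary network, although the component exposes the CNI directories as options for other distributions; on a cluster whose default CNI is not flannel this file would describe a network that does not exist. The DaemonSet in multus_workload.tf starts the container with `--multus-conf-file=auto` while mounting this ConfigMap at `/tmp/multus-conf`. With `auto` the entrypoint presumably generates its configuration from the node's existing CNI config and never reads `70-multus.conf`, which would leave this ConfigMap unused. I would either drop the resource or add a comment above it stating when it applies, e.g. `# only read when --multus-conf-file points at /tmp/multus-conf/70-multus.conf`.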
@@ -0,0 +1,66 @@
+resource "kubectl_manifest" "ClusterRole_multus" {
+ yaml_body = <<-EOF
+ kind: ClusterRole
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: multus
+ ownerReferences: ${jsonencode(var.install_owner)}
+ labels: ${jsonencode(local.common-labels)}
+ rules:
+ - apiGroups:
+ - k8s.cni.cncf.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ''
+ resources:
+ - pods
+ - pods/status
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ''
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+EOF
+}
+
+resource "kubectl_manifest" "ClusterRoleBinding_multus" {
+ yaml_body = <<-EOF
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: multus
+ ownerReferences: ${jsonencode(var.install_owner)}
+ labels: ${jsonencode(local.common-labels)}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: multus
+ subjects:
+ - kind: ServiceAccount
+ name: multus
+ namespace: ${var.namespace}
+EOF
+}
+
+resource "kubectl_manifest" "ServiceAccount_multus" {
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: multus
+ namespace: ${var.namespace}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ labels: ${jsonencode(local.common-labels)}
+EOF
+}
+
diff --git a/virt/multus/multus_workload.tf b/virt/multus/multus_workload.tf
new file mode 100644
index 0000000..5076ebf
--- /dev/null
+++ b/virt/multus/multus_workload.tf
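Review bot: The first rule of `ClusterRole_multus` grants `'*'` verbs on `'*'` resources in `k8s.cni.cncf.io`, and the second grants `update` on `pods` cluster-wide, to the service account of a DaemonSet that runs privileged on every node, so compromise of a single multus pod would extend to network attachments and pod objects in every namespace. If multus only reads attachment definitions, the first rule can be narrowed to `resources: [network-attachment-definitions]` with `verbs: [get, list, watch]`. If it records network status through the status subresource, `pods` could be reduced to `get`, keeping `update` on `pods/status` only. Both narrowings depend on the multus version in use and should be confirmed against it. Separately, `ClusterRole` and `ClusterRoleBinding` are cluster-scoped, so the `ownerReferences` taken from `var.install_owner` are only valid if that owner is cluster-scoped as well, which this hunk does not show.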
@@ -0,0 +1,89 @@
+resource "kubectl_manifest" "DaemonSet_kube-multus-ds" {
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: kube-multus-ds
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ spec:
+ selector:
+ matchLabels:
+ name: multus
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ tier: node
+ app: multus
+ name: multus
+ spec:
+ hostNetwork: true
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ - operator: Exists
+ effect: NoExecute
+ serviceAccountName: multus
+ containers:
+ - name: kube-multus
+ image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
+ imagePullPolicy: ${var.images.operator.pull_policy}
+ command:
+ - /entrypoint.sh
+ args:
+ - --multus-conf-file=auto
+ - --cni-version=0.3.1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ limits:
+ cpu: 100m
+ memory: 50Mi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ - name: multus-cfg
+ mountPath: /tmp/multus-conf
+ initContainers:
+ - name: install-multus-binary
+ image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
+ imagePullPolicy: ${var.images.operator.pull_policy}
+ command:
+ - cp
+ - /usr/src/multus-cni/bin/multus
+ - /host/opt/cni/bin/multus
+ resources:
+ requests:
+ cpu: 10m
+ memory: 15Mi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ mountPropagation: Bidirectional
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cni
+ hostPath:
+ path: ${var.cni.conf_dir}
+ - name: cnibin
+ hostPath:
+ path: ${var.cni.bin_dir}
+ - name: multus-cfg
+ configMap:
+ name: multus-cni-config
+ items:
+ - key: cni-conf.json
+ path: 70-multus.conf
+EOF
+}
+
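Review bot: Both `kube-multus` and the `install-multus-binary` init container run with `privileged: true` on every node (the tolerations match all NoSchedule and NoExecute taints) from an image addressed only by `${var.images.operator.tag}`, so whatever that tag resolves to at pull time runs with full host privileges. I would let the module reference the image by digest, e.g. `image: ${var.images.operator.registry}/${var.images.operator.repository}@${var.images.operator.digest}` with a new `digest` option (not defined in this diff), and fall back to the tag only when no digest is given. The init container only copies one binary into the `cnibin` hostPath, so it is worth checking whether it needs `privileged: true` and `mountPropagation: Bidirectional` at all on the target hosts. whereabouts_workload.tf has the same privileged-plus-tag pattern.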
diff --git a/virt/whereabouts/common.tf b/virt/whereabouts/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/virt/whereabouts/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/virt/whereabouts/index.yaml b/virt/whereabouts/index.yaml
new file mode 100644
index 0000000..9338f40
--- /dev/null
+++ b/virt/whereabouts/index.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: virt
+metadata:
+ name: whereabouts
+ description: an IPAM plugin for CNIs capable of generating uniq IP across the cluster
+options:
+ cni:
+ default:
+ bin_dir: /opt/cni/bin
+ conf_dir: /etc/cni/net.d
+ examples:
+ - bin_dir: /opt/cni/bin
+ conf_dir: /etc/cni/net.d
+ properties:
+ bin_dir:
+ default: /opt/cni/bin
+ description: use /var/lib/rancher/k3s/data/current/bin for k3s
+ type: string
+ conf_dir:
+ default: /etc/cni/net.d
+ description: use /var/lib/rancher/k3s/agent/etc/cni/net.d for k3s
+ type: string
+ type: object
+ images:
+ default:
+ operator:
+ pull_policy: IfNotPresent
+ registry: ghcr.io
+ repository: k8snetworkplumbingwg/whereabouts
+ tag: v0.7.0
+ examples:
+ - operator:
+ pull_policy: IfNotPresent
+ registry: ghcr.io
+ repository: k8snetworkplumbingwg/whereabouts
+ tag: v0.7.0
+ properties:
+ operator:
+ default:
+ pull_policy: IfNotPresent
+ registry: ghcr.io
+ repository: k8snetworkplumbingwg/whereabouts
+ tag: v0.7.0
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: ghcr.io
+ type: string
+ repository:
+ default: k8snetworkplumbingwg/whereabouts
+ type: string
+ tag:
+ default: v0.7.0
+ type: string
+ type: object
+ type: object
+dependencies:
+- dist: null
+ category: crd
+ component: whereabouts
+providers:
+ kubernetes: true
+ authentik: null
+ kubectl: true
+ postgresql: null
+ mysql: null
+ restapi: null
+ http: null
+ gitea: null
+tfaddtype: null
diff --git a/virt/whereabouts/whereabouts_ConfigMap.tf b/virt/whereabouts/whereabouts_ConfigMap.tf
new file mode 100644
index 0000000..abea7d9
--- /dev/null
+++ b/virt/whereabouts/whereabouts_ConfigMap.tf
@@ -0,0 +1,17 @@
+resource "kubectl_manifest" "ConfigMap_whereabouts-config" {
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: whereabouts-config
+ namespace: ${var.namespace}
+ annotations:
+ kubernetes.io/description: |
+ Configmap containing user customizable cronjob schedule
+ ownerReferences: ${jsonencode(var.install_owner)}
+ labels: ${jsonencode(local.common-labels)}
+ data:
+ cron-expression: 30 4 * * *
+EOF
+}
+
diff --git a/virt/whereabouts/whereabouts_rbac.tf b/virt/whereabouts/whereabouts_rbac.tf
new file mode 100644
index 0000000..ab0176d
--- /dev/null
+++ b/virt/whereabouts/whereabouts_rbac.tf
@@ -0,0 +1,91 @@
+resource "kubectl_manifest" "ServiceAccount_whereabouts" {
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: whereabouts
+ namespace: ${var.namespace}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ labels: ${jsonencode(local.common-labels)}
+EOF
+}
+
+resource "kubectl_manifest" "ClusterRoleBinding_whereabouts" {
+ yaml_body = <<-EOF
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: whereabouts
+ labels: ${jsonencode(local.common-labels)}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: whereabouts-cni
+ subjects:
+ - kind: ServiceAccount
+ name: whereabouts
+ namespace: ${var.namespace}
+EOF
+}
+
+resource "kubectl_manifest" "ClusterRole_whereabouts-cni" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: whereabouts-cni
+ labels: ${jsonencode(local.common-labels)}
+ rules:
+ - apiGroups:
+ - whereabouts.cni.cncf.io
+ resources:
+ - ippools
+ - overlappingrangeipreservations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - '*'
+ - apiGroups:
+ - ''
+ resources:
+ - pods
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ''
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - k8s.cni.cncf.io
+ resources:
+ - network-attachment-definitions
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ''
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - get
+EOF
+}
+
diff --git a/virt/whereabouts/whereabouts_workload.tf b/virt/whereabouts/whereabouts_workload.tf
new file mode 100644
index 0000000..a7c6122
--- /dev/null
+++ b/virt/whereabouts/whereabouts_workload.tf
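Review bot: In whereabouts_rbac.tf, `ClusterRoleBinding_whereabouts` and `ClusterRole_whereabouts-cni` carry no `ownerReferences`, while the ServiceAccount in the same hunk and the cluster-scoped multus objects in multus_rbac.tf do, and nothing explains the difference. If `var.install_owner` is a namespaced object (its definition is not in this diff), Kubernetes does not accept it as the owner of cluster-scoped resources, so omitting it here would be right and the multus file would need the same treatment; either way the two files should agree. Once the intended behaviour is confirmed, I would add a comment on both resources, e.g. `# cluster-scoped: no ownerReferences, a namespaced owner cannot own this object`.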
@@ -0,0 +1,80 @@
+resource "kubectl_manifest" "DaemonSet_whereabouts" {
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: whereabouts
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common-labels)}
+ ownerReferences: ${jsonencode(var.install_owner)}
+ spec:
+ selector:
+ matchLabels:
+ name: whereabouts
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ tier: node
+ app: whereabouts
+ name: whereabouts
+ spec:
+ hostNetwork: true
+ serviceAccountName: whereabouts
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ containers:
+ - name: whereabouts
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ SLEEP=false /install-cni.sh && /ip-control-loop -log-level debug
+ image: ${var.images.operator.registry}/${var.images.operator.repository}:${var.images.operator.tag}
+ imagePullPolicy: ${var.images.operator.pull_policy}
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: WHEREABOUTS_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ - name: cni-net-dir
+ mountPath: /host/etc/cni/net.d
+ - name: cron-scheduler-configmap
+ mountPath: /cron-schedule
+ volumes:
+ - name: cnibin
+ hostPath:
+ path: ${var.cni.bin_dir}
+ - name: cni-net-dir
+ hostPath:
+ path: ${var.cni.conf_dir}
+ - name: cron-scheduler-configmap
+ configMap:
+ name: whereabouts-config
+ defaultMode: 0744
+ items:
+ - key: cron-expression
+ path: config
+EOF
+}
+
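Review bot: On the `cron-scheduler-configmap` volume, `defaultMode: 0744` relies on the manifest being parsed with YAML 1.1 octal rules; a parser that reads it as decimal 744 yields a value outside the 0–511 range Kubernetes accepts for file modes. The projected file is a cron expression mounted at `/cron-schedule/config`, so the execute bit looks unnecessary as well. I would write the mode in decimal, `defaultMode: 420` (0644), or `defaultMode: 484` if 0744 has to be kept. Separately, `-log-level debug` is hard-coded in the container args and would be better exposed as an option with a quieter default.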