+++ /dev/null
-# CustomResourceDefinitions for Calico and Tigera operator
----
-# Source: crds/operator.tigera.io_apiservers_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: apiservers.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: APIServer
- listKind: APIServerList
- plural: apiservers
- singular: apiserver
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: |-
- APIServer installs the Tigera API server and related resources. At most one instance
- of this resource is supported. It must be named "default" or "tigera-secure".
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of the desired state for the Tigera API server.
- properties:
- apiServerDeployment:
- description: |-
- APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If
- used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides
- take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the API server Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the API server Deployment.
- If omitted, the API server Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the API server Deployment
- pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the API server Deployment's PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the API server pods.
- If specified, this overrides any affinity that may be set on the API server Deployment.
- If omitted, the API server Deployment will use its default value for affinity.
- WARNING: Please note that this field will override the default API server Deployment affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of API server containers.
- If specified, this overrides the specified API server Deployment containers.
- If omitted, the API server Deployment will use its default values for its containers.
- items:
- description: APIServerDeploymentContainer is an
- API server Deployment container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the API server Deployment container by name.
- Supported values are: calico-apiserver, tigera-queryserver, calico-l7-admission-controller
- enum:
- - calico-apiserver
- - tigera-queryserver
- - calico-l7-admission-controller
- type: string
- ports:
- description: |-
- Ports allows customization of container's ports.
- If specified, this overrides the named APIServer Deployment container's ports.
- If omitted, the API server Deployment will use its default value for this container's port.
- items:
- properties:
- containerPort:
- description: |-
- Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- name:
- description: |-
- Name is an enum which identifies the API server Deployment Container port by name.
- Supported values are: apiserver, queryserver, l7admctrl
- enum:
- - apiserver
- - queryserver
- - l7admctrl
- type: string
- required:
- - containerPort
- - name
- type: object
- type: array
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named API server Deployment container's resources.
- If omitted, the API server Deployment will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of API server init containers.
- If specified, this overrides the specified API server Deployment init containers.
- If omitted, the API server Deployment will use its default values for its init containers.
- items:
- description: APIServerDeploymentInitContainer is
- an API server Deployment init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the API server Deployment init container by name.
- Supported values are: calico-apiserver-certs-key-cert-provisioner
- enum:
- - calico-apiserver-certs-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named API server Deployment init container's resources.
- If omitted, the API server Deployment will use its default value for this init container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the API server pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment
- and each of this field's key/value pairs are added to the API server Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the API server Deployment will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default API server Deployment nodeSelector.
- type: object
- priorityClassName:
- description: PriorityClassName allows to specify a
- PriorityClass resource to be used.
- type: string
- tolerations:
- description: |-
- Tolerations is the API server pod's tolerations.
- If specified, this overrides any tolerations that may be set on the API server Deployment.
- If omitted, the API server Deployment will use its default value for tolerations.
- WARNING: Please note that this field will override the default API server Deployment tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: |-
- TopologySpreadConstraints describes how a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which abides by the constraints.
- All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: |-
- LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select the pods over which
- spreading will be calculated. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading will be calculated
- for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't set.
- Keys that don't exist in the incoming pod labels will
- be ignored. A null or empty list means only match against labelSelector.
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: |-
- MaxSkew describes the degree to which pods may be unevenly distributed.
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- between the number of matching pods in the target topology and the global minimum.
- The global minimum is the minimum number of matching pods in an eligible domain
- or zero if the number of eligible domains is less than MinDomains.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 2/2/1:
- In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 |
- | P P | P P | P |
- - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1).
- - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- to topologies that satisfy it.
- It's a required field. Default value is 1 and 0 is not allowed.
- format: int32
- type: integer
- minDomains:
- description: |-
- MinDomains indicates a minimum number of eligible domains.
- When the number of eligible domains with matching topology keys is less than minDomains,
- Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- this value has no effect on scheduling.
- As a result, when the number of eligible domains is less than minDomains,
- scheduler won't schedule more than maxSkew Pods to those domains.
- If value is nil, the constraint behaves as if MinDomains is equal to 1.
- Valid values are integers greater than 0.
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 |
- | P P | P P | P P |
- The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- In this situation, new pod with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew.
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: |-
- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew. Options are:
- - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- If this value is nil, the behavior is equivalent to the Honor policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- nodeTaintsPolicy:
- description: |-
- NodeTaintsPolicy indicates how we will treat node taints when calculating
- pod topology spread skew. Options are:
- - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- has a toleration, are included.
- - Ignore: node taints are ignored. All nodes are included.
- If this value is nil, the behavior is equivalent to the Ignore policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- topologyKey:
- description: |-
- TopologyKey is the key of node labels. Nodes that have a label with this key
- and identical values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and try to put balanced number
- of pods into each bucket.
- We define a domain as a particular instance of a topology.
- Also, we define an eligible domain as a domain whose nodes meet the requirements of
- nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: |-
- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- the spread constraint.
- - DoNotSchedule (default) tells the scheduler not to schedule it.
- - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- but giving higher precedence to topologies that would help reduce the
- skew.
- A constraint is considered "Unsatisfiable" for an incoming pod
- if and only if every possible node assignment for that pod would violate
- "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1:
- | zone1 | zone2 | zone3 |
- | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- won't make it *more* imbalanced.
- It's a required field.
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- logging:
- properties:
- apiServer:
- properties:
- logSeverity:
- default: Info
- description: LogSeverity defines log level for APIServer container.
- enum:
- - Fatal
- - Error
- - Warn
- - Info
- - Debug
- - Trace
- type: string
- type: object
- queryServer:
- properties:
- logSeverity:
- default: Info
- description: LogSeverity defines log level for QueryServer
- container.
- enum:
- - Fatal
- - Error
- - Warn
- - Info
- - Debug
- - Trace
- type: string
- type: object
- type: object
- type: object
- status:
- description: Most recently observed status for the Tigera API server.
- properties:
- conditions:
- description: |-
- Conditions represents the latest observed set of conditions for the component. A component may be one or more of
- Ready, Progressing, Degraded or other customer types.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- state:
- description: State provides user-readable status.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
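Review bot: nothing in the visible lines shows where apiservers.operator.tigera.io is defined once this file is deleted, and the document ending here is the one that marks v1 as both `served: true` and `storage: true` with the `status` subresource. Please state in the commit message where the CRD now ships, and check that the replacement keeps the same storage version and the same validation: the `name` enums for containers, init containers and ports, the `logSeverity` enum with its default of `Info`, and the required `maxSkew`, `topologyKey` and `whenUnsatisfiable` on topologySpreadConstraints. A replacement with a looser schema would admit values that this one rejects at admission time. The same question applies to gatewayapis.operator.tigera.io, whose deletion starts on the next line, in particular the `crdManagement` enum (`Reconcile`, `PreferExisting`).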
----
-# Source: crds/operator.tigera.io_gatewayapis_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: gatewayapis.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: GatewayAPI
- listKind: GatewayAPIList
- plural: gatewayapis
- singular: gatewayapi
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: GatewayAPISpec has fields that can be used to customize our
- GatewayAPI support.
- properties:
- crdManagement:
- description: |-
- Configure how to manage and update Gateway API CRDs. The default behaviour - which is
- used when this field is not set, or is set to "PreferExisting" - is that the Tigera
- operator will create the Gateway API CRDs if they do not already exist, but will not
- overwrite any existing Gateway API CRDs. This setting may be preferable if the customer
- is using other implementations of the Gateway API concurrently with the Gateway API
- support in Calico Enterprise. It is then the customer's responsibility to ensure that
- CRDs are installed that meet the needs of all the Gateway API implementations in their
- cluster.
- Alternatively, if this field is set to "Reconcile", the Tigera operator will keep the
- cluster's Gateway API CRDs aligned with those that it would install on a cluster that
- does not yet have any version of those CRDs.
- enum:
- - Reconcile
- - PreferExisting
- type: string
- gatewayCertgenJob:
- description: Allow optional customization of the gateway certgen job.
- properties:
- metadata:
- description: Metadata contains the standard Kubernetes labels
- and annotations fields.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: |-
- GatewayCertgenJobSpec allows customization of the gateway certgen job spec.
- For customization of the job template see GatewayCertgenJobPodTemplate.
- properties:
- template:
- description: |-
- GatewayCertgenJobPodTemplate allows customization of the gateway certgen job's pod template.
- If GatewayCertgenJob.Spec.Template.Metadata is non-nil, non-clashing labels and
- annotations from that metadata are added into the job's pod template.
- For customization of the pod template spec see GatewayCertgenJobPodSpec.
- properties:
- metadata:
- description: Metadata contains the standard Kubernetes
- labels and annotations fields.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: |-
- GatewayCertgenJobPodSpec allows customization of the gateway certgen job's pod spec.
- If GatewayCertgenJob.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the
- job's pod template.
- If GatewayCertgenJob.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for
- where job pods may be scheduled.
- If GatewayCertgenJob.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of
- the job's pod template.
- For customization of job container resources see GatewayCertgenJobContainer.
- properties:
- affinity:
- description: Affinity is a group of affinity scheduling
- rules.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- items:
- description: |-
- GatewayCertgenJobContainer allows customization of the gateway certgen job's resource
- requirements.
- If GatewayCertgenJob.Spec.Template.Spec.Containers["envoy-gateway-certgen"].Resources is non-nil,
- it overrides the ResourceRequirements of the job's "envoy-gateway-certgen" container.
- properties:
- name:
- enum:
- - envoy-gateway-certgen
- type: string
- resources:
- description: ResourceRequirements describes
- the compute resource requirements.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- type: object
- tolerations:
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- gatewayControllerDeployment:
- description: Allow optional customization of the gateway controller
- deployment.
- properties:
- metadata:
- description: Metadata contains the standard Kubernetes labels
- and annotations fields.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: |-
- GatewayControllerDeploymentSpec allows customization of the gateway controller deployment spec.
- If GatewayControllerDeployment.Spec.MinReadySeconds is non-nil, it sets the minReadySeconds field
- for the deployment.
- For customization of the pod template see GatewayControllerDeploymentPodTemplate.
- properties:
- minReadySeconds:
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: |-
- GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment
- pod template.
- If GatewayControllerDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and
- annotations from that metadata are added into the deployment's pod template.
- For customization of the pod template spec see GatewayControllerDeploymentPodSpec.
- properties:
- metadata:
- description: Metadata contains the standard Kubernetes
- labels and annotations fields.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: |-
- GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod
- spec.
- If GatewayControllerDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field
- of the deployment's pod template.
- If GatewayControllerDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node
- selector for where controller pods may be scheduled.
- If GatewayControllerDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations
- field of the deployment's pod template.
- For customization of container resources see GatewayControllerDeploymentContainer.
- properties:
- affinity:
- description: Affinity is a group of affinity scheduling
- rules.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- items:
- description: |-
- GatewayControllerDeploymentContainer allows customization of the gateway controller's resource
- requirements.
- If GatewayControllerDeployment.Spec.Template.Spec.Containers["envoy-gateway"].Resources is
- non-nil, it overrides the ResourceRequirements of the controller's "envoy-gateway" container.
- properties:
- name:
- enum:
- - envoy-gateway
- type: string
- resources:
- description: ResourceRequirements describes
- the compute resource requirements.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- type: object
- tolerations:
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- gatewayDeployment:
- description: Allow optional customization of gateway deployments.
- properties:
- spec:
- description: |-
- GatewayDeploymentSpec allows customization of the spec of gateway deployments.
- For customization of the pod template see GatewayDeploymentPodTemplate.
- For customization of the deployment strategy see GatewayDeploymentStrategy.
- properties:
- strategy:
- description: The deployment strategy to use to replace existing
- pods with new ones.
- properties:
- rollingUpdate:
- description: Spec to control the desired behavior of rolling
- update.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be scheduled above the desired number of
- pods.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 25%.
- Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- the rolling update starts, such that the total number of old and new pods do not exceed
- 130% of desired pods. Once old pods have been killed,
- new ReplicaSet can be scaled up further, ensuring that total number of pods running
- at any time during the update is at most 130% of desired pods.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 25%.
- Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- that the total number of pods available at all times during the update is at
- least 70% of desired pods.
- x-kubernetes-int-or-string: true
- type: object
- type: object
- template:
- description: |-
- GatewayDeploymentPodTemplate allows customization of the pod template of gateway deployments.
- If GatewayDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from
- that metadata are added into each deployment's pod template.
- For customization of the pod template spec see GatewayDeploymentPodSpec.
- properties:
- metadata:
- description: Metadata contains the standard Kubernetes
- labels and annotations fields.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: |-
- GatewayDeploymentPodSpec allows customization of the pod spec of gateway deployments.
- If GatewayDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of each
- deployment's pod template.
- If GatewayDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for
- where gateway pods may be scheduled.
- If GatewayDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of
- each deployment's pod template.
- If GatewayDeployment.Spec.Template.Spec.TopologySpreadConstraints is non-nil, it sets the
- topology spread constraints of each deployment's pod template.
- For customization of container resources see GatewayControllerDeploymentContainer.
- properties:
- affinity:
- description: Affinity is a group of affinity scheduling
- rules.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- items:
- description: |-
- GatewayDeploymentContainer allows customization of the resource requirements of gateway
- deployments.
- If GatewayDeployment.Spec.Template.Spec.Containers["envoy"].Resources is non-nil, it overrides
- the ResourceRequirements of the "envoy" container in each gateway deployment.
- properties:
- name:
- enum:
- - envoy
- type: string
- resources:
- description: ResourceRequirements describes
- the compute resource requirements.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- type: object
- tolerations:
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: |-
- TopologySpreadConstraints describes how a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which abides by the constraints.
- All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: |-
- LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select the pods over which
- spreading will be calculated. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading will be calculated
- for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't set.
- Keys that don't exist in the incoming pod labels will
- be ignored. A null or empty list means only match against labelSelector.
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: |-
- MaxSkew describes the degree to which pods may be unevenly distributed.
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- between the number of matching pods in the target topology and the global minimum.
- The global minimum is the minimum number of matching pods in an eligible domain
- or zero if the number of eligible domains is less than MinDomains.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 2/2/1:
- In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 |
- | P P | P P | P |
- - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1).
- - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- to topologies that satisfy it.
- It's a required field. Default value is 1 and 0 is not allowed.
- format: int32
- type: integer
- minDomains:
- description: |-
- MinDomains indicates a minimum number of eligible domains.
- When the number of eligible domains with matching topology keys is less than minDomains,
- Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- this value has no effect on scheduling.
- As a result, when the number of eligible domains is less than minDomains,
- scheduler won't schedule more than maxSkew Pods to those domains.
- If value is nil, the constraint behaves as if MinDomains is equal to 1.
- Valid values are integers greater than 0.
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 |
- | P P | P P | P P |
- The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- In this situation, new pod with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew.
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: |-
- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew. Options are:
- - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- If this value is nil, the behavior is equivalent to the Honor policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- nodeTaintsPolicy:
- description: |-
- NodeTaintsPolicy indicates how we will treat node taints when calculating
- pod topology spread skew. Options are:
- - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- has a toleration, are included.
- - Ignore: node taints are ignored. All nodes are included.
- If this value is nil, the behavior is equivalent to the Ignore policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- topologyKey:
- description: |-
- TopologyKey is the key of node labels. Nodes that have a label with this key
- and identical values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and try to put balanced number
- of pods into each bucket.
- We define a domain as a particular instance of a topology.
- Also, we define an eligible domain as a domain whose nodes meet the requirements of
- nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: |-
- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- the spread constraint.
- - DoNotSchedule (default) tells the scheduler not to schedule it.
- - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- but giving higher precedence to topologies that would help reduce the
- skew.
- A constraint is considered "Unsatisfiable" for an incoming pod
- if and only if every possible node assignment for that pod would violate
- "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1:
- | zone1 | zone2 | zone3 |
- | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- won't make it *more* imbalanced.
- It's a required field.
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- type: object
- type: object
- served: true
- storage: true
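Review bot: the CRD version closed on the two lines above is marked `served: true` and `storage: true`, and it is removed with no replacement definition visible in this region; the same holds for `goldmanes.operator.tigera.io`, whose removal starts on the next lines. Deleting a CustomResourceDefinition from a cluster also deletes every custom resource stored under it, so if any install applies this manifest with pruning or through a GitOps sync, dropping the file can remove the operator's live configuration objects. Please state in the change description where the `operator.tigera.io` CRDs are shipped from after this change, and add an upgrade note telling operators to confirm the new source is applied before anything prunes the old definitions.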
----
-# Source: crds/operator.tigera.io_goldmanes_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: goldmanes.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: Goldmane
- listKind: GoldmaneList
- plural: goldmanes
- singular: goldmane
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- goldmaneDeployment:
- description: GoldmaneDeployment is the configuration for the goldmane
- Deployment.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the goldmane Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the goldmane Deployment.
- If omitted, the goldmane Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- strategy:
- description: The deployment strategy to use to replace existing
- pods with new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if DeploymentStrategyType =
- RollingUpdate.
- to be.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be scheduled above the desired number of
- pods.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 25%.
- Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- the rolling update starts, such that the total number of old and new pods do not exceed
- 130% of desired pods. Once old pods have been killed,
- new ReplicaSet can be scaled up further, ensuring that total number of pods running
- at any time during the update is at most 130% of desired pods.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 25%.
- Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- that the total number of pods available at all times during the update is at
- least 70% of desired pods.
- x-kubernetes-int-or-string: true
- type: object
- type: object
- template:
- description: Template describes the goldmane Deployment pod
- that will be created.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the goldmane Deployment's PodSpec.
- properties:
- affinity:
- description: Affinity is a group of affinity scheduling
- rules for the goldmane pods.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of goldmane containers.
- If specified, this overrides the specified EGW Deployment containers.
- If omitted, the goldmane Deployment will use its default values for its containers.
- items:
- properties:
- name:
- enum:
- - goldmane
- type: string
- resources:
- description: ResourceRequirements describes
- the compute resource requirements.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: NodeSelector gives more control over
- the nodes where the goldmane pods will run on.
- type: object
- priorityClassName:
- description: PriorityClassName allows to specify a
- PriorityClass resource to be used.
- type: string
- terminationGracePeriodSeconds:
- description: TerminationGracePeriodSeconds defines
- the termination grace period of the goldmane pods
- in seconds.
- format: int64
- minimum: 0
- type: integer
- tolerations:
- description: |-
- Tolerations is the goldmane pod's tolerations.
- If specified, this overrides any tolerations that may be set on the goldmane Deployment.
- If omitted, the goldmane Deployment will use its default value for tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: |-
- TopologySpreadConstraints describes how a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which abides by the constraints.
- All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: |-
- LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select the pods over which
- spreading will be calculated. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading will be calculated
- for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't set.
- Keys that don't exist in the incoming pod labels will
- be ignored. A null or empty list means only match against labelSelector.
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: |-
- MaxSkew describes the degree to which pods may be unevenly distributed.
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- between the number of matching pods in the target topology and the global minimum.
- The global minimum is the minimum number of matching pods in an eligible domain
- or zero if the number of eligible domains is less than MinDomains.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 2/2/1:
- In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 |
- | P P | P P | P |
- - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1).
- - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- to topologies that satisfy it.
- It's a required field. Default value is 1 and 0 is not allowed.
- format: int32
- type: integer
- minDomains:
- description: |-
- MinDomains indicates a minimum number of eligible domains.
- When the number of eligible domains with matching topology keys is less than minDomains,
- Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- this value has no effect on scheduling.
- As a result, when the number of eligible domains is less than minDomains,
- scheduler won't schedule more than maxSkew Pods to those domains.
- If value is nil, the constraint behaves as if MinDomains is equal to 1.
- Valid values are integers greater than 0.
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 |
- | P P | P P | P P |
- The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- In this situation, new pod with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew.
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: |-
- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew. Options are:
- - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- If this value is nil, the behavior is equivalent to the Honor policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- nodeTaintsPolicy:
- description: |-
- NodeTaintsPolicy indicates how we will treat node taints when calculating
- pod topology spread skew. Options are:
- - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- has a toleration, are included.
- - Ignore: node taints are ignored. All nodes are included.
- If this value is nil, the behavior is equivalent to the Ignore policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- topologyKey:
- description: |-
- TopologyKey is the key of node labels. Nodes that have a label with this key
- and identical values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and try to put balanced number
- of pods into each bucket.
- We define a domain as a particular instance of a topology.
- Also, we define an eligible domain as a domain whose nodes meet the requirements of
- nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: |-
- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- the spread constraint.
- - DoNotSchedule (default) tells the scheduler not to schedule it.
- - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- but giving higher precedence to topologies that would help reduce the
- skew.
- A constraint is considered "Unsatisfiable" for an incoming pod
- if and only if every possible node assignment for that pod would violate
- "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1:
- | zone1 | zone2 | zone3 |
- | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- won't make it *more* imbalanced.
- It's a required field.
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- type: object
- status:
- description: GoldmaneStatus defines the observed state of Goldmane
- properties:
- conditions:
- description: |-
- Conditions represents the latest observed set of conditions for the component. A component may be one or more of
- Ready, Progressing, Degraded or other customer types.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
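Review bot: the `containers` description in the removed Goldmane schema says "this overrides the specified EGW Deployment containers", while the `name` enum and every other sentence in that block refer to goldmane, so it reads as text carried over from another type. If these definitions are being moved rather than retired, correct the comment on the source type so the regenerated CRD says "goldmane Deployment". The same goes for "other customer types" in the `status.conditions` description, which presumably should read "custom types".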
----
-# Source: crds/operator.tigera.io_imagesets_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: imagesets.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: ImageSet
- listKind: ImageSetList
- plural: imagesets
- singular: imageset
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: |-
- ImageSet is used to specify image digests for the images that the operator deploys.
- The name of the ImageSet is expected to be in the format `<variant>-<release>`.
- The `variant` used is `enterprise` if the InstallationSpec Variant is
- `TigeraSecureEnterprise` otherwise it is `calico`.
- The `release` must match the version of the variant that the operator is built to deploy,
- this version can be obtained by passing the `--version` flag to the operator binary.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ImageSetSpec defines the desired state of ImageSet.
- properties:
- images:
- description: |-
- Images is the list of images to use digests. All images that the operator will deploy
- must be specified.
- items:
- properties:
- digest:
- description: |-
- Digest is the image identifier that will be used for the Image.
- The field should not include a leading `@` and must be prefixed with `sha256:`.
- type: string
- image:
- description: |-
- Image is an image that the operator deploys and instead of using the built in tag
- the operator will use the Digest for the image identifier.
- The value should be the *original* image name without registry or tag or digest.
- For the image `docker.io/calico/node:v3.17.1` it should be represented as `calico/node`
- The "Installation" spec allows defining custom image registries, paths or prefixes.
- Even for custom images such as example.com/custompath/customprefix-calico-node:v3.17.1,
- this value should still be `calico/node`.
- type: string
- required:
- - digest
- - image
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
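Review bot: in the ImageSet schema, `digest` is a bare `type: string` even though its description requires a `sha256:` prefix and no leading `@`, so a malformed value passes API validation and is caught, if at all, only later by the operator. If this CRD is being relocated rather than dropped, add a `pattern` such as `^sha256:[a-f0-9]{64}$` to `digest` at the source so the API server rejects bad digests at admission. Also confirm that imagesets.operator.tigera.io is still shipped from another manifest, because this file is removed in full (`+++ /dev/null`) and pinning operator-deployed images by digest depends on that CRD being installed.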
----
-# Source: crds/operator.tigera.io_installations_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: installations.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: Installation
- listKind: InstallationList
- plural: installations
- singular: installation
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: |-
- Installation configures an installation of Calico or Calico Enterprise. At most one instance
- of this resource is supported. It must be named "default". The Installation API installs core networking
- and network policy components, and provides general install-time configuration.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of the desired state for the Calico or Calico
- Enterprise installation.
- properties:
- azure:
- description: Azure is used to configure azure provider specific options.
- properties:
- policyMode:
- default: Default
- description: |-
- PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual.
- The Default option adds the "control-plane" label to the required namespaces.
- The Manual option does not apply the "control-plane" label to any namespace.
- Default: Default
- enum:
- - Default
- - Manual
- type: string
- type: object
- calicoKubeControllersDeployment:
- description: |-
- CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in
- conjunction with the deprecated ComponentResources, then these overrides take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-kube-controllers
- Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment.
- If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-kube-controllers
- Deployment pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-kube-controllers Deployment's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods.
- If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment.
- If omitted, the calico-kube-controllers Deployment will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-kube-controllers containers.
- If specified, this overrides the specified calico-kube-controllers Deployment containers.
- If omitted, the calico-kube-controllers Deployment will use its default values for its containers.
- items:
- description: CalicoKubeControllersDeploymentContainer
- is a calico-kube-controllers Deployment container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-kube-controllers Deployment container by name.
- Supported values are: calico-kube-controllers, es-calico-kube-controllers
- enum:
- - calico-kube-controllers
- - es-calico-kube-controllers
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-kube-controllers Deployment container's resources.
- If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-kube-controllers pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment
- and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-kube-controllers pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment.
- If omitted, the calico-kube-controllers Deployment will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- calicoNetwork:
- description: CalicoNetwork specifies networking configuration options
- for Calico.
- properties:
- bgp:
- description: BGP configures whether or not to enable Calico's
- BGP capabilities.
- enum:
- - Enabled
- - Disabled
- type: string
- containerIPForwarding:
- description: |-
- ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration.
- Default: Disabled
- enum:
- - Enabled
- - Disabled
- type: string
- hostPorts:
- description: |-
- HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin.
- Default: Enabled
- enum:
- - Enabled
- - Disabled
- type: string
- ipPools:
- description: |-
- IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool
- will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead
- wait for IP pools to be created out-of-band.
- IP pools in this list will be reconciled by the operator and should not be modified out-of-band.
- items:
- properties:
- allowedUses:
- description: |-
- AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to
- ["Tunnel", "Workload"] for back-compatibility
- items:
- type: string
- type: array
- assignmentMode:
- description: AssignmentMode determines if IP addresses from
- this pool should be assigned automatically or on request
- only
- type: string
- blockSize:
- description: |-
- BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from
- the main IP pool CIDR.
- Default: 26 (IPv4), 122 (IPv6)
- format: int32
- type: integer
- cidr:
- description: CIDR contains the address range for the IP
- Pool in classless inter-domain routing format.
- type: string
- disableBGPExport:
- default: false
- description: |-
- DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.
- Default: false
- type: boolean
- disableNewAllocations:
- description: |-
- DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.
- This is useful when you want to prevent new pods from receiving IP addresses from this pool, without
- impacting any existing pods that have already been assigned addresses from this pool.
- type: boolean
- encapsulation:
- description: |-
- Encapsulation specifies the encapsulation type that will be used with
- the IP Pool.
- Default: IPIP
- enum:
- - IPIPCrossSubnet
- - IPIP
- - VXLAN
- - VXLANCrossSubnet
- - None
- type: string
- name:
- description: Name is the name of the IP pool. If omitted,
- this will be generated.
- type: string
- natOutgoing:
- description: |-
- NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic.
- Default: Enabled
- enum:
- - Enabled
- - Disabled
- type: string
- nodeSelector:
- description: |-
- NodeSelector specifies the node selector that will be set for the IP Pool.
- Default: 'all()'
- type: string
- required:
- - cidr
- type: object
- maxItems: 25
- type: array
- linuxDataplane:
- description: |-
- LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it
- causes the operator to add required mounts and environment variables for the particular dataplane.
- If not specified, iptables mode is used.
- Default: Iptables
- enum:
- - Iptables
- - BPF
- - VPP
- - Nftables
- type: string
- linuxPolicySetupTimeoutSeconds:
- description: |-
- LinuxPolicySetupTimeoutSeconds delays new pods from running containers
- until their policy has been programmed in the dataplane.
- The specified delay defines the maximum amount of time
- that the Calico CNI plugin will wait for policy to be programmed.
- Only applies to pods created on Linux nodes.
- * A value of 0 disables pod startup delays.
- Default: 0
- format: int32
- type: integer
- mtu:
- description: |-
- MTU specifies the maximum transmission unit to use on the pod network.
- If not specified, Calico will perform MTU auto-detection based on the cluster network.
- format: int32
- type: integer
- multiInterfaceMode:
- description: |-
- MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations
- using the Calico CNI plugin.
- Default: None
- enum:
- - None
- - Multus
- type: string
- nodeAddressAutodetectionV4:
- description: |-
- NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified,
- will use default auto-detection settings to acquire an IPv4 address for each node.
- properties:
- canReach:
- description: |-
- CanReach enables IP auto-detection based on which source address on the node is used to reach the
- specified IP or domain.
- type: string
- cidrs:
- description: |-
- CIDRS enables IP auto-detection based on which addresses on the nodes are within
- one of the provided CIDRs.
- items:
- type: string
- type: array
- firstFound:
- description: |-
- FirstFound uses default interface matching parameters to select an interface, performing best-effort
- filtering based on well-known interface names.
- type: boolean
- interface:
- description: Interface enables IP auto-detection based on
- interfaces that match the given regex.
- type: string
- kubernetes:
- description: Kubernetes configures Calico to detect node addresses
- based on the Kubernetes API.
- enum:
- - NodeInternalIP
- type: string
- skipInterface:
- description: |-
- SkipInterface enables IP auto-detection based on interfaces that do not match
- the given regex.
- type: string
- type: object
- nodeAddressAutodetectionV6:
- description: |-
- NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified,
- IPv6 addresses will not be auto-detected.
- properties:
- canReach:
- description: |-
- CanReach enables IP auto-detection based on which source address on the node is used to reach the
- specified IP or domain.
- type: string
- cidrs:
- description: |-
- CIDRS enables IP auto-detection based on which addresses on the nodes are within
- one of the provided CIDRs.
- items:
- type: string
- type: array
- firstFound:
- description: |-
- FirstFound uses default interface matching parameters to select an interface, performing best-effort
- filtering based on well-known interface names.
- type: boolean
- interface:
- description: Interface enables IP auto-detection based on
- interfaces that match the given regex.
- type: string
- kubernetes:
- description: Kubernetes configures Calico to detect node addresses
- based on the Kubernetes API.
- enum:
- - NodeInternalIP
- type: string
- skipInterface:
- description: |-
- SkipInterface enables IP auto-detection based on interfaces that do not match
- the given regex.
- type: string
- type: object
- sysctl:
- description: Sysctl configures sysctl parameters for tuning plugin
- items:
- properties:
- key:
- enum:
- - net.ipv4.tcp_keepalive_intvl
- - net.ipv4.tcp_keepalive_probes
- - net.ipv4.tcp_keepalive_time
- type: string
- value:
- type: string
- required:
- - key
- - value
- type: object
- type: array
- windowsDataplane:
- description: |-
- WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it
- causes the operator to add required mounts and environment variables for the particular dataplane.
- If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset.
- Default: Disabled
- enum:
- - HNS
- - Disabled
- type: string
- type: object
- calicoNodeDaemonSet:
- description: |-
- CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in
- conjunction with the deprecated ComponentResources, then these overrides take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the DaemonSet.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-node DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet.
- If omitted, the calico-node DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-node DaemonSet
- pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-node DaemonSet's PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-node pods.
- If specified, this overrides any affinity that may be set on the calico-node DaemonSet.
- If omitted, the calico-node DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-node DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-node containers.
- If specified, this overrides the specified calico-node DaemonSet containers.
- If omitted, the calico-node DaemonSet will use its default values for its containers.
- items:
- description: CalicoNodeDaemonSetContainer is a calico-node
- DaemonSet container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node DaemonSet container by name.
- Supported values are: calico-node
- enum:
- - calico-node
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node DaemonSet container's resources.
- If omitted, the calico-node DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of calico-node init containers.
- If specified, this overrides the specified calico-node DaemonSet init containers.
- If omitted, the calico-node DaemonSet will use its default values for its init containers.
- items:
- description: CalicoNodeDaemonSetInitContainer is
- a calico-node DaemonSet init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node DaemonSet init container by name.
- Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner
- enum:
- - install-cni
- - hostpath-init
- - flexvol-driver
- - mount-bpffs
- - node-certs-key-cert-provisioner
- - calico-node-prometheus-server-tls-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node DaemonSet init container's resources.
- If omitted, the calico-node DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-node pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-node DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-node pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-node DaemonSet.
- If omitted, the calico-node DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-node DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- calicoNodeWindowsDaemonSet:
- description: CalicoNodeWindowsDaemonSet configures the calico-node-windows
- DaemonSet.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the DaemonSet.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-node-windows
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet.
- If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-node-windows DaemonSet
- pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-node-windows DaemonSet's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-node-windows pods.
- If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet.
- If omitted, the calico-node-windows DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-node-windows containers.
- If specified, this overrides the specified calico-node-windows DaemonSet containers.
- If omitted, the calico-node-windows DaemonSet will use its default values for its containers.
- items:
- description: CalicoNodeWindowsDaemonSetContainer
- is a calico-node-windows DaemonSet container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node-windows DaemonSet container by name.
- Supported values are: calico-node-windows
- enum:
- - calico-node-windows
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node-windows DaemonSet container's resources.
- If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of calico-node-windows init containers.
- If specified, this overrides the specified calico-node-windows DaemonSet init containers.
- If omitted, the calico-node-windows DaemonSet will use its default values for its init containers.
- items:
- description: CalicoNodeWindowsDaemonSetInitContainer
- is a calico-node-windows DaemonSet init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node-windows DaemonSet init container by name.
- Supported values are: install-cni;hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner
- enum:
- - install-cni
- - hostpath-init
- - flexvol-driver
- - mount-bpffs
- - node-certs-key-cert-provisioner
- - calico-node-windows-prometheus-server-tls-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node-windows DaemonSet init container's resources.
- If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-node-windows pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-node-windows pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet.
- If omitted, the calico-node-windows DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- calicoWindowsUpgradeDaemonSet:
- description: |-
- Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future.
- CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-windows-upgrade
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-windows-upgrade
- DaemonSet pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-windows-upgrade DaemonSet's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods.
- If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-windows-upgrade containers.
- If specified, this overrides the specified calico-windows-upgrade DaemonSet containers.
- If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers.
- items:
- description: CalicoWindowsUpgradeDaemonSetContainer
- is a calico-windows-upgrade DaemonSet container.
- properties:
- name:
- description: Name is an enum which identifies
- the calico-windows-upgrade DaemonSet container
- by name.
- enum:
- - calico-windows-upgrade
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-windows-upgrade pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-windows-upgrade pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- certificateManagement:
- description: |-
- CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order
- to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise
- pods will be stuck during initialization.
- properties:
- caCert:
- description: Certificate of the authority that signs the CertificateSigningRequests
- in PEM format.
- format: byte
- type: string
- keyAlgorithm:
- description: |-
- Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request.
- Default: RSAWithSize2048
- enum:
- - ""
- - RSAWithSize2048
- - RSAWithSize4096
- - RSAWithSize8192
- - ECDSAWithCurve256
- - ECDSAWithCurve384
- - ECDSAWithCurve521
- type: string
- signatureAlgorithm:
- description: |-
- Specify the algorithm used for the signature of the X.509 certificate request.
- Default: SHA256WithRSA
- enum:
- - ""
- - SHA256WithRSA
- - SHA384WithRSA
- - SHA512WithRSA
- - ECDSAWithSHA256
- - ECDSAWithSHA384
- - ECDSAWithSHA512
- type: string
- signerName:
- description: |-
- When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
- with multiple signers.
- Must be formatted as: `<my-domain>/<my-signername>`.
- type: string
- required:
- - caCert
- - signerName
- type: object
- cni:
- description: CNI specifies the CNI that will be used by this installation.
- properties:
- ipam:
- description: |-
- IPAM specifies the pod IP address management that will be used in the Calico or
- Calico Enterprise installation.
- properties:
- type:
- description: |-
- Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation.
- * For CNI Plugin Calico, this field defaults to Calico.
- * For CNI Plugin GKE, this field defaults to HostLocal.
- * For CNI Plugin AzureVNET, this field defaults to AzureVNET.
- * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC.
- The IPAM plugin is installed and configured only if the CNI plugin is set to Calico,
- for all other values of the CNI plugin the plugin binaries and CNI config is a dependency
- that is expected to be installed separately.
- Default: Calico
- enum:
- - Calico
- - HostLocal
- - AmazonVPC
- - AzureVNET
- type: string
- required:
- - type
- type: object
- type:
- description: |-
- Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation.
- * For KubernetesProvider GKE, this field defaults to GKE.
- * For KubernetesProvider AKS, this field defaults to AzureVNET.
- * For KubernetesProvider EKS, this field defaults to AmazonVPC.
- * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC.
- * For all other cases this field defaults to Calico.
- For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment,
- for all other values the CNI plugin binaries and CNI config is a dependency that is expected
- to be installed separately.
- Default: Calico
- enum:
- - Calico
- - GKE
- - AmazonVPC
- - AzureVNET
- type: string
- required:
- - type
- type: object
- componentResources:
- description: |-
- Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment.
- ComponentResources can be used to customize the resource requirements for each component.
- Node, Typha, and KubeControllers are supported for installations.
- items:
- description: |-
- Deprecated. Please use component resource config fields in Installation.Spec instead.
- The ComponentResource struct associates a ResourceRequirements with a component by name
- properties:
- componentName:
- description: ComponentName is an enum which identifies the component
- enum:
- - Node
- - Typha
- - KubeControllers
- type: string
- resourceRequirements:
- description: ResourceRequirements allows customization of limits
- and requests for compute resources such as cpu and memory.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - componentName
- - resourceRequirements
- type: object
- type: array
- controlPlaneNodeSelector:
- additionalProperties:
- type: string
- description: |-
- ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico
- components. This is globally applied to all resources created by the operator excluding daemonsets.
- type: object
- controlPlaneReplicas:
- description: |-
- ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed.
- This field applies to all control plane components that support High Availability. Defaults to 2.
- format: int32
- type: integer
- controlPlaneTolerations:
- description: |-
- ControlPlaneTolerations specify tolerations which are then globally applied to all resources
- created by the operator.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- csiNodeDriverDaemonSet:
- description: CSINodeDriverDaemonSet configures the csi-node-driver
- DaemonSet.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the DaemonSet.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the csi-node-driver
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet.
- If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the csi-node-driver DaemonSet
- pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the csi-node-driver DaemonSet's PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the csi-node-driver pods.
- If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet.
- If omitted, the csi-node-driver DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of csi-node-driver containers.
- If specified, this overrides the specified csi-node-driver DaemonSet containers.
- If omitted, the csi-node-driver DaemonSet will use its default values for its containers.
- items:
- description: CSINodeDriverDaemonSetContainer is
- a csi-node-driver DaemonSet container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the csi-node-driver DaemonSet container by name.
- Supported values are: calico-csi, csi-node-driver-registrar.
- enum:
- - calico-csi
- - csi-node-driver-registrar
- - csi-node-driver
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named csi-node-driver DaemonSet container's resources.
- If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the csi-node-driver pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the csi-node-driver pod's tolerations.
- If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet.
- If omitted, the csi-node-driver DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- fipsMode:
- description: |-
- FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards.
- Only supported for Variant=Calico.
- Default: Disabled
- enum:
- - Enabled
- - Disabled
- type: string
- flexVolumePath:
- description: |-
- FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be
- enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the
- kubernetesProvider.
- type: string
- imagePath:
- description: |-
- ImagePath allows for the path part of an image to be specified. If specified
- then the specified value will be used as the image path for each image. If not specified
- or empty, the default for each image will be used.
- A special case value, UseDefault, is supported to explicitly specify the default
- image path will be used for each image.
- Image format:
- `<registry><imagePath>/<imagePrefix><imageName>:<image-tag>`
- This option allows configuring the `<imagePath>` portion of the above format.
- type: string
- imagePrefix:
- description: |-
- ImagePrefix allows for the prefix part of an image to be specified. If specified
- then the given value will be used as a prefix on each image. If not specified
- or empty, no prefix will be used.
- A special case value, UseDefault, is supported to explicitly specify the default
- image prefix will be used for each image.
- Image format:
- `<registry><imagePath>/<imagePrefix><imageName>:<image-tag>`
- This option allows configuring the `<imagePrefix>` portion of the above format.
- type: string
- imagePullSecrets:
- description: |-
- ImagePullSecrets is an array of references to container registry pull secrets to use. These are
- applied to all images to be pulled.
- items:
- description: |-
- LocalObjectReference contains enough information to let you locate the
- referenced object inside the same namespace.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- kubeletVolumePluginPath:
- description: |-
- KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified,
- CSI will be enabled by default. If set to 'None', CSI will be disabled.
- Default: /var/lib/kubelet
- type: string
- kubernetesProvider:
- description: |-
- KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration.
- If the specified value is empty, the Operator will attempt to automatically determine the current provider.
- If the specified value is not empty, the Operator will still attempt auto-detection, but
- will additionally compare the auto-detected value to the specified value to confirm they match.
- enum:
- - ""
- - EKS
- - GKE
- - AKS
- - OpenShift
- - DockerEnterprise
- - RKE2
- - TKG
- type: string
- logging:
- description: Logging Configuration for Components
- properties:
- cni:
- description: Customized logging specification for calico-cni plugin
- properties:
- logFileMaxAgeDays:
- description: 'Default: 30 (days)'
- format: int32
- type: integer
- logFileMaxCount:
- description: 'Default: 10'
- format: int32
- type: integer
- logFileMaxSize:
- anyOf:
- - type: integer
- - type: string
- description: 'Default: 100Mi'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- logSeverity:
- description: 'Default: Info'
- enum:
- - Error
- - Warning
- - Info
- - Debug
- type: string
- type: object
- type: object
- nodeMetricsPort:
- description: |-
- NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled.
- If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then
- prometheus metrics may still be configured through FelixConfiguration.
- format: int32
- type: integer
- nodeUpdateStrategy:
- description: |-
- NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable
- field.
- properties:
- rollingUpdate:
- description: Rolling update config params. Present only if type
- = "RollingUpdate".
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of nodes with an existing available DaemonSet pod that
- can have an updated DaemonSet pod during during an update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up to a minimum of 1.
- Default value is 0.
- Example: when this is set to 30%, at most 30% of the total number of nodes
- that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- can have their a new pod created before the old pod is marked as deleted.
- The update starts by launching new pods on 30% of nodes. Once an updated
- pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
- on that node is marked deleted. If the old pod becomes unavailable for any
- reason (Ready transitions to false, is evicted, or is drained) an updated
- pod is immediatedly created on that node without considering surge limits.
- Allowing surge implies the possibility that the resources consumed by the
- daemonset on any given node can double if the readiness check fails, and
- so resource intensive daemonsets should take into account that they may
- cause evictions during disruption.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of DaemonSet pods that can be unavailable during the
- update. Value can be an absolute number (ex: 5) or a percentage of total
- number of DaemonSet pods at the start of the update (ex: 10%). Absolute
- number is calculated from percentage by rounding up.
- This cannot be 0 if MaxSurge is 0
- Default value is 1.
- Example: when this is set to 30%, at most 30% of the total number of nodes
- that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- can have their pods stopped for an update at any given time. The update
- starts by stopping at most 30% of those DaemonSet pods and then brings
- up new DaemonSet pods in their place. Once the new pods are available,
- it then proceeds onto other DaemonSet pods, thus ensuring that at least
- 70% of original number of DaemonSet pods are available at all times during
- the update.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: Type of daemon set update. Can be "RollingUpdate"
- or "OnDelete". Default is RollingUpdate.
- type: string
- type: object
- nonPrivileged:
- description: NonPrivileged configures Calico to be run in non-privileged
- containers as non-root users where possible.
- type: string
- proxy:
- description: |-
- Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect
- to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within
- the cluster (including the API server) are exempt from proxying.
- properties:
- httpProxy:
- description: |-
- HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to
- destinations outside the cluster.
- type: string
- httpsProxy:
- description: |-
- HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to
- destinations outside the cluster.
- type: string
- noProxy:
- description: |-
- NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to
- destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including
- the Kubernetes API server, are exempt from being proxied.
- type: string
- type: object
- registry:
- description: |-
- Registry is the default Docker registry used for component Docker images.
- If specified then the given value must end with a slash character (`/`) and all images will be pulled from this registry.
- If not specified then the default registries will be used. A special case value, UseDefault, is
- supported to explicitly specify the default registries will be used.
- Image format:
- `<registry><imagePath>/<imagePrefix><imageName>:<image-tag>`
- This option allows configuring the `<registry>` portion of the above format.
- type: string
- serviceCIDRs:
- description: Kubernetes Service CIDRs. Specifying this is required
- when using Calico for Windows.
- items:
- type: string
- type: array
- typhaAffinity:
- description: |-
- Deprecated. Please use Installation.Spec.TyphaDeployment instead.
- TyphaAffinity allows configuration of node affinity characteristics for Typha pods.
- properties:
- nodeAffinity:
- description: NodeAffinity describes node affinity scheduling rules
- for typha.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated with the
- corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching the corresponding
- nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- WARNING: Please note that if the affinity requirements specified by this field are not met at
- scheduling time, the pod will NOT be scheduled onto the node.
- There is no fallback to another affinity rules with this setting.
- This may cause networking disruption or even catastrophic failure!
- PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity
- unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and
- you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement.
- NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes,
- to avoid scheduling Typhas on virtual-nodes.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms.
- The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: object
- typhaDeployment:
- description: |-
- TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated
- ComponentResources or TyphaAffinity, then these overrides take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the typha Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the typha Deployment.
- If omitted, the typha Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- strategy:
- description: The deployment strategy to use to replace existing
- pods with new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if DeploymentStrategyType =
- RollingUpdate.
- to be.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be scheduled above the desired number of
- pods.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 25%.
- Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- the rolling update starts, such that the total number of old and new pods do not exceed
- 130% of desired pods. Once old pods have been killed,
- new ReplicaSet can be scaled up further, ensuring that total number of pods running
- at any time during the update is at most 130% of desired pods.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 25%.
- Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- that the total number of pods available at all times during the update is at
- least 70% of desired pods.
- x-kubernetes-int-or-string: true
- type: object
- type: object
- template:
- description: Template describes the typha Deployment pod that
- will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the typha Deployment's PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the typha pods.
- If specified, this overrides any affinity that may be set on the typha Deployment.
- If omitted, the typha Deployment will use its default value for affinity.
- If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence.
- WARNING: Please note that this field will override the default calico-typha Deployment affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
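Review bot: The `typhaDeployment` override schema removed in this region (`metadata`, `minReadySeconds`, `strategy.rollingUpdate`, and the `nodeAffinity`/`podAffinity` trees under `template.spec.affinity`) has no visible replacement, since the file header targets `/dev/null`. Please state in the change description where these CRDs are installed from after this change, and confirm that the replacement schema still declares the same fields. With a structural `apiextensions.k8s.io/v1` schema, fields that are no longer declared are pruned on write, so an existing affinity override that pins typha pods to particular nodes would be dropped silently and the Deployment would fall back to the default calico-typha affinity that the removed WARNING text refers to.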
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of typha containers.
- If specified, this overrides the specified typha Deployment containers.
- If omitted, the typha Deployment will use its default values for its containers.
- items:
- description: TyphaDeploymentContainer is a typha
- Deployment container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the typha Deployment container by name.
- Supported values are: calico-typha
- enum:
- - calico-typha
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named typha Deployment container's resources.
- If omitted, the typha Deployment will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of typha init containers.
- If specified, this overrides the specified typha Deployment init containers.
- If omitted, the typha Deployment will use its default values for its init containers.
- items:
- description: TyphaDeploymentInitContainer is a typha
- Deployment init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the typha Deployment init container by name.
- Supported values are: typha-certs-key-cert-provisioner
- enum:
- - typha-certs-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named typha Deployment init container's resources.
- If omitted, the typha Deployment will use its default value for this init container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-typha pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-typha Deployment will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector.
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- If this value is nil, the default grace period will be used instead.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: |-
- Tolerations is the typha pod's tolerations.
- If specified, this overrides any tolerations that may be set on the typha Deployment.
- If omitted, the typha Deployment will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-typha Deployment tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: |-
- TopologySpreadConstraints describes how a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which abides by the constraints.
- All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: |-
- LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select the pods over which
- spreading will be calculated. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading will be calculated
- for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't set.
- Keys that don't exist in the incoming pod labels will
- be ignored. A null or empty list means only match against labelSelector.
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: |-
- MaxSkew describes the degree to which pods may be unevenly distributed.
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- between the number of matching pods in the target topology and the global minimum.
- The global minimum is the minimum number of matching pods in an eligible domain
- or zero if the number of eligible domains is less than MinDomains.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 2/2/1:
- In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 |
- | P P | P P | P |
- - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1).
- - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- to topologies that satisfy it.
- It's a required field. Default value is 1 and 0 is not allowed.
- format: int32
- type: integer
- minDomains:
- description: |-
- MinDomains indicates a minimum number of eligible domains.
- When the number of eligible domains with matching topology keys is less than minDomains,
- Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- this value has no effect on scheduling.
- As a result, when the number of eligible domains is less than minDomains,
- scheduler won't schedule more than maxSkew Pods to those domains.
- If value is nil, the constraint behaves as if MinDomains is equal to 1.
- Valid values are integers greater than 0.
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 |
- | P P | P P | P P |
- The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- In this situation, new pod with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew.
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: |-
- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew. Options are:
- - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- If this value is nil, the behavior is equivalent to the Honor policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- nodeTaintsPolicy:
- description: |-
- NodeTaintsPolicy indicates how we will treat node taints when calculating
- pod topology spread skew. Options are:
- - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- has a toleration, are included.
- - Ignore: node taints are ignored. All nodes are included.
- If this value is nil, the behavior is equivalent to the Ignore policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- topologyKey:
- description: |-
- TopologyKey is the key of node labels. Nodes that have a label with this key
- and identical values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and try to put balanced number
- of pods into each bucket.
- We define a domain as a particular instance of a topology.
- Also, we define an eligible domain as a domain whose nodes meet the requirements of
- nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: |-
- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- the spread constraint.
- - DoNotSchedule (default) tells the scheduler not to schedule it.
- - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- but giving higher precedence to topologies that would help reduce the
- skew.
- A constraint is considered "Unsatisfiable" for an incoming pod
- if and only if every possible node assignment for that pod would violate
- "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1:
- | zone1 | zone2 | zone3 |
- | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- won't make it *more* imbalanced.
- It's a required field.
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- typhaMetricsPort:
- description: TyphaMetricsPort specifies which port calico/typha serves
- prometheus metrics on. By default, metrics are not enabled.
- format: int32
- type: integer
- variant:
- description: |-
- Variant is the product to install - one of Calico or TigeraSecureEnterprise
- Default: Calico
- enum:
- - Calico
- - TigeraSecureEnterprise
- type: string
- windowsNodes:
- description: Windows Configuration
- properties:
- cniBinDir:
- description: |-
- CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as 'bin_dir' under
- [plugins]
- [plugins."io.containerd.grpc.v1.cri"]
- [plugins."io.containerd.grpc.v1.cri".cni]
- on the containerd 'config.toml' file on the Windows nodes.
- type: string
- cniConfigDir:
- description: |-
- CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as 'conf_dir' under
- [plugins]
- [plugins."io.containerd.grpc.v1.cri"]
- [plugins."io.containerd.grpc.v1.cri".cni]
- on the containerd 'config.toml' file on the Windows nodes.
- type: string
- cniLogDir:
- description: CNILogDir is the path to the Calico CNI logs directory
- on Windows.
- type: string
- vxlanAdapter:
- description: VXLANAdapter is the Network Adapter used for VXLAN,
- leave blank for primary NIC
- type: string
- vxlanMACPrefix:
- description: VXLANMACPrefix is the prefix used when generating
- MAC addresses for virtual NICs
- pattern: ^[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}$
- type: string
- type: object
- type: object
- status:
- description: Most recently observed state for the Calico or Calico Enterprise
- installation.
- properties:
- calicoVersion:
- description: |-
- CalicoVersion shows the current running version of calico.
- CalicoVersion along with Variant is needed to know the exact
- version deployed.
- type: string
- computed:
- description: Computed is the final installation including overlaid
- resources.
- properties:
- azure:
- description: Azure is used to configure azure provider specific
- options.
- properties:
- policyMode:
- default: Default
- description: |-
- PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual.
- The Default option adds the "control-plane" label to the required namespaces.
- The Manual option does not apply the "control-plane" label to any namespace.
- Default: Default
- enum:
- - Default
- - Manual
- type: string
- type: object
- calicoKubeControllersDeployment:
- description: |-
- CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in
- conjunction with the deprecated ComponentResources, then these overrides take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-kube-controllers
- Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment.
- If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-kube-controllers
- Deployment pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-kube-controllers Deployment's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods.
- If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment.
- If omitted, the calico-kube-controllers Deployment will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term,
- associated with the corresponding
- weight.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the
- same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-kube-controllers containers.
- If specified, this overrides the specified calico-kube-controllers Deployment containers.
- If omitted, the calico-kube-controllers Deployment will use its default values for its containers.
- items:
- description: CalicoKubeControllersDeploymentContainer
- is a calico-kube-controllers Deployment container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-kube-controllers Deployment container by name.
- Supported values are: calico-kube-controllers, es-calico-kube-controllers
- enum:
- - calico-kube-controllers
- - es-calico-kube-controllers
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-kube-controllers Deployment container's resources.
- If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-kube-controllers pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment
- and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-kube-controllers pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment.
- If omitted, the calico-kube-controllers Deployment will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- calicoNetwork:
- description: CalicoNetwork specifies networking configuration
- options for Calico.
- properties:
- bgp:
- description: BGP configures whether or not to enable Calico's
- BGP capabilities.
- enum:
- - Enabled
- - Disabled
- type: string
- containerIPForwarding:
- description: |-
- ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration.
- Default: Disabled
- enum:
- - Enabled
- - Disabled
- type: string
- hostPorts:
- description: |-
- HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin.
- Default: Enabled
- enum:
- - Enabled
- - Disabled
- type: string
- ipPools:
- description: |-
- IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool
- will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead
- wait for IP pools to be created out-of-band.
- IP pools in this list will be reconciled by the operator and should not be modified out-of-band.
- items:
- properties:
- allowedUses:
- description: |-
- AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to
- ["Tunnel", "Workload"] for back-compatibility
- items:
- type: string
- type: array
- assignmentMode:
- description: AssignmentMode determines if IP addresses
- from this pool should be assigned automatically or
- on request only
- type: string
- blockSize:
- description: |-
- BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from
- the main IP pool CIDR.
- Default: 26 (IPv4), 122 (IPv6)
- format: int32
- type: integer
- cidr:
- description: CIDR contains the address range for the
- IP Pool in classless inter-domain routing format.
- type: string
- disableBGPExport:
- default: false
- description: |-
- DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.
- Default: false
- type: boolean
- disableNewAllocations:
- description: |-
- DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.
- This is useful when you want to prevent new pods from receiving IP addresses from this pool, without
- impacting any existing pods that have already been assigned addresses from this pool.
- type: boolean
- encapsulation:
- description: |-
- Encapsulation specifies the encapsulation type that will be used with
- the IP Pool.
- Default: IPIP
- enum:
- - IPIPCrossSubnet
- - IPIP
- - VXLAN
- - VXLANCrossSubnet
- - None
- type: string
- name:
- description: Name is the name of the IP pool. If omitted,
- this will be generated.
- type: string
- natOutgoing:
- description: |-
- NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic.
- Default: Enabled
- enum:
- - Enabled
- - Disabled
- type: string
- nodeSelector:
- description: |-
- NodeSelector specifies the node selector that will be set for the IP Pool.
- Default: 'all()'
- type: string
- required:
- - cidr
- type: object
- maxItems: 25
- type: array
- linuxDataplane:
- description: |-
- LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it
- causes the operator to add required mounts and environment variables for the particular dataplane.
- If not specified, iptables mode is used.
- Default: Iptables
- enum:
- - Iptables
- - BPF
- - VPP
- - Nftables
- type: string
- linuxPolicySetupTimeoutSeconds:
- description: |-
- LinuxPolicySetupTimeoutSeconds delays new pods from running containers
- until their policy has been programmed in the dataplane.
- The specified delay defines the maximum amount of time
- that the Calico CNI plugin will wait for policy to be programmed.
- Only applies to pods created on Linux nodes.
- * A value of 0 disables pod startup delays.
- Default: 0
- format: int32
- type: integer
- mtu:
- description: |-
- MTU specifies the maximum transmission unit to use on the pod network.
- If not specified, Calico will perform MTU auto-detection based on the cluster network.
- format: int32
- type: integer
- multiInterfaceMode:
- description: |-
- MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations
- using the Calico CNI plugin.
- Default: None
- enum:
- - None
- - Multus
- type: string
- nodeAddressAutodetectionV4:
- description: |-
- NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified,
- will use default auto-detection settings to acquire an IPv4 address for each node.
- properties:
- canReach:
- description: |-
- CanReach enables IP auto-detection based on which source address on the node is used to reach the
- specified IP or domain.
- type: string
- cidrs:
- description: |-
- CIDRS enables IP auto-detection based on which addresses on the nodes are within
- one of the provided CIDRs.
- items:
- type: string
- type: array
- firstFound:
- description: |-
- FirstFound uses default interface matching parameters to select an interface, performing best-effort
- filtering based on well-known interface names.
- type: boolean
- interface:
- description: Interface enables IP auto-detection based
- on interfaces that match the given regex.
- type: string
- kubernetes:
- description: Kubernetes configures Calico to detect node
- addresses based on the Kubernetes API.
- enum:
- - NodeInternalIP
- type: string
- skipInterface:
- description: |-
- SkipInterface enables IP auto-detection based on interfaces that do not match
- the given regex.
- type: string
- type: object
- nodeAddressAutodetectionV6:
- description: |-
- NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified,
- IPv6 addresses will not be auto-detected.
- properties:
- canReach:
- description: |-
- CanReach enables IP auto-detection based on which source address on the node is used to reach the
- specified IP or domain.
- type: string
- cidrs:
- description: |-
- CIDRS enables IP auto-detection based on which addresses on the nodes are within
- one of the provided CIDRs.
- items:
- type: string
- type: array
- firstFound:
- description: |-
- FirstFound uses default interface matching parameters to select an interface, performing best-effort
- filtering based on well-known interface names.
- type: boolean
- interface:
- description: Interface enables IP auto-detection based
- on interfaces that match the given regex.
- type: string
- kubernetes:
- description: Kubernetes configures Calico to detect node
- addresses based on the Kubernetes API.
- enum:
- - NodeInternalIP
- type: string
- skipInterface:
- description: |-
- SkipInterface enables IP auto-detection based on interfaces that do not match
- the given regex.
- type: string
- type: object
- sysctl:
- description: Sysctl configures sysctl parameters for tuning
- plugin
- items:
- properties:
- key:
- enum:
- - net.ipv4.tcp_keepalive_intvl
- - net.ipv4.tcp_keepalive_probes
- - net.ipv4.tcp_keepalive_time
- type: string
- value:
- type: string
- required:
- - key
- - value
- type: object
- type: array
- windowsDataplane:
- description: |-
- WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it
- causes the operator to add required mounts and environment variables for the particular dataplane.
- If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset.
- Default: Disabled
- enum:
- - HNS
- - Disabled
- type: string
- type: object
- calicoNodeDaemonSet:
- description: |-
- CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in
- conjunction with the deprecated ComponentResources, then these overrides take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the DaemonSet.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-node
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet.
- If omitted, the calico-node DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-node DaemonSet
- pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-node DaemonSet's PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-node pods.
- If specified, this overrides any affinity that may be set on the calico-node DaemonSet.
- If omitted, the calico-node DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-node DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term,
- associated with the corresponding
- weight.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the
- same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-node containers.
- If specified, this overrides the specified calico-node DaemonSet containers.
- If omitted, the calico-node DaemonSet will use its default values for its containers.
- items:
- description: CalicoNodeDaemonSetContainer is
- a calico-node DaemonSet container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node DaemonSet container by name.
- Supported values are: calico-node
- enum:
- - calico-node
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node DaemonSet container's resources.
- If omitted, the calico-node DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of calico-node init containers.
- If specified, this overrides the specified calico-node DaemonSet init containers.
- If omitted, the calico-node DaemonSet will use its default values for its init containers.
- items:
- description: CalicoNodeDaemonSetInitContainer
- is a calico-node DaemonSet init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node DaemonSet init container by name.
- Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner
- enum:
- - install-cni
- - hostpath-init
- - flexvol-driver
- - mount-bpffs
- - node-certs-key-cert-provisioner
- - calico-node-prometheus-server-tls-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node DaemonSet init container's resources.
- If omitted, the calico-node DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-node pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-node DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-node pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-node DaemonSet.
- If omitted, the calico-node DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-node DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- calicoNodeWindowsDaemonSet:
- description: CalicoNodeWindowsDaemonSet configures the calico-node-windows
- DaemonSet.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the DaemonSet.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-node-windows
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet.
- If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-node-windows
- DaemonSet pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-node-windows DaemonSet's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-node-windows pods.
- If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet.
- If omitted, the calico-node-windows DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term,
- associated with the corresponding
- weight.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
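Review bot: Deleting this part of the schema removes the admission-time validation for the calico-node-windows DaemonSet override (`minReadySeconds` bounded to 0..2147483647, and the `required` lists on `key`/`operator`, `nodeSelectorTerms`, `topologyKey` and `podAffinityTerm`/`weight`), and nothing in the lines shown says where an equivalent definition is installed from. Please name the replacement source in the commit message and compare its generated schema against these lines; the `affinity` description warns that the field overrides the default calico-node-windows DaemonSet affinity, so the replacement should reject the same malformed overrides. Separately, `weight` only documents its 1-100 range in the description and carries no `minimum`/`maximum`, unlike `minReadySeconds`, so that bound was never enforced by this schema and is worth checking in whatever replaces it.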
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the
- same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-node-windows containers.
- If specified, this overrides the specified calico-node-windows DaemonSet containers.
- If omitted, the calico-node-windows DaemonSet will use its default values for its containers.
- items:
- description: CalicoNodeWindowsDaemonSetContainer
- is a calico-node-windows DaemonSet container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node-windows DaemonSet container by name.
- Supported values are: calico-node-windows
- enum:
- - calico-node-windows
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node-windows DaemonSet container's resources.
- If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of calico-node-windows init containers.
- If specified, this overrides the specified calico-node-windows DaemonSet init containers.
- If omitted, the calico-node-windows DaemonSet will use its default values for its init containers.
- items:
- description: CalicoNodeWindowsDaemonSetInitContainer
- is a calico-node-windows DaemonSet init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the calico-node-windows DaemonSet init container by name.
- Supported values are: install-cni;hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner
- enum:
- - install-cni
- - hostpath-init
- - flexvol-driver
- - mount-bpffs
- - node-certs-key-cert-provisioner
- - calico-node-windows-prometheus-server-tls-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-node-windows DaemonSet init container's resources.
- If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-node-windows pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-node-windows pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet.
- If omitted, the calico-node-windows DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
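Review bot: The removed calicoNodeWindowsDaemonSet block that ends here takes out the schema for the `containers` and `initContainers` resource overrides, `nodeSelector` and `tolerations`, and nothing in these lines documents where that schema lives after the file is deleted. This is an apiextensions.k8s.io/v1 CRD, so by default any field missing from the served schema is pruned when an object is written, and a custom resource that sets limits or tolerations for calico-node-windows would lose them without an error. Please say in the commit message where the CRD is generated or shipped from now on, and confirm the replacement keeps these properties, including the `name` enums and the quantity `pattern` on `limits` and `requests`.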
- calicoWindowsUpgradeDaemonSet:
- description: |-
- Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future.
- CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the calico-windows-upgrade
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the calico-windows-upgrade
- DaemonSet pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the calico-windows-upgrade DaemonSet's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods.
- If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term,
- associated with the corresponding
- weight.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the
- same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of calico-windows-upgrade containers.
- If specified, this overrides the specified calico-windows-upgrade DaemonSet containers.
- If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers.
- items:
- description: CalicoWindowsUpgradeDaemonSetContainer
- is a calico-windows-upgrade DaemonSet container.
- properties:
- name:
- description: Name is an enum which identifies
- the calico-windows-upgrade DaemonSet container
- by name.
- enum:
- - calico-windows-upgrade
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-windows-upgrade pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the calico-windows-upgrade pod's tolerations.
- If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet.
- If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- certificateManagement:
- description: |-
- CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order
- to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise
- pods will be stuck during initialization.
- properties:
- caCert:
- description: Certificate of the authority that signs the CertificateSigningRequests
- in PEM format.
- format: byte
- type: string
- keyAlgorithm:
- description: |-
- Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request.
- Default: RSAWithSize2048
- enum:
- - ""
- - RSAWithSize2048
- - RSAWithSize4096
- - RSAWithSize8192
- - ECDSAWithCurve256
- - ECDSAWithCurve384
- - ECDSAWithCurve521
- type: string
- signatureAlgorithm:
- description: |-
- Specify the algorithm used for the signature of the X.509 certificate request.
- Default: SHA256WithRSA
- enum:
- - ""
- - SHA256WithRSA
- - SHA384WithRSA
- - SHA512WithRSA
- - ECDSAWithSHA256
- - ECDSAWithSHA384
- - ECDSAWithSHA512
- type: string
- signerName:
- description: |-
- When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
- with multiple signers.
- Must be formatted as: `<my-domain>/<my-signername>`.
- type: string
- required:
- - caCert
- - signerName
- type: object
- cni:
- description: CNI specifies the CNI that will be used by this installation.
- properties:
- ipam:
- description: |-
- IPAM specifies the pod IP address management that will be used in the Calico or
- Calico Enterprise installation.
- properties:
- type:
- description: |-
- Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation.
- * For CNI Plugin Calico, this field defaults to Calico.
- * For CNI Plugin GKE, this field defaults to HostLocal.
- * For CNI Plugin AzureVNET, this field defaults to AzureVNET.
- * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC.
- The IPAM plugin is installed and configured only if the CNI plugin is set to Calico,
- for all other values of the CNI plugin the plugin binaries and CNI config is a dependency
- that is expected to be installed separately.
- Default: Calico
- enum:
- - Calico
- - HostLocal
- - AmazonVPC
- - AzureVNET
- type: string
- required:
- - type
- type: object
- type:
- description: |-
- Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation.
- * For KubernetesProvider GKE, this field defaults to GKE.
- * For KubernetesProvider AKS, this field defaults to AzureVNET.
- * For KubernetesProvider EKS, this field defaults to AmazonVPC.
- * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC.
- * For all other cases this field defaults to Calico.
- For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment,
- for all other values the CNI plugin binaries and CNI config is a dependency that is expected
- to be installed separately.
- Default: Calico
- enum:
- - Calico
- - GKE
- - AmazonVPC
- - AzureVNET
- type: string
- required:
- - type
- type: object
- componentResources:
- description: |-
- Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment.
- ComponentResources can be used to customize the resource requirements for each component.
- Node, Typha, and KubeControllers are supported for installations.
- items:
- description: |-
- Deprecated. Please use component resource config fields in Installation.Spec instead.
- The ComponentResource struct associates a ResourceRequirements with a component by name
- properties:
- componentName:
- description: ComponentName is an enum which identifies the
- component
- enum:
- - Node
- - Typha
- - KubeControllers
- type: string
- resourceRequirements:
- description: ResourceRequirements allows customization of
- limits and requests for compute resources such as cpu
- and memory.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references one entry in
- PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - componentName
- - resourceRequirements
- type: object
- type: array
- controlPlaneNodeSelector:
- additionalProperties:
- type: string
- description: |-
- ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico
- components. This is globally applied to all resources created by the operator excluding daemonsets.
- type: object
- controlPlaneReplicas:
- description: |-
- ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed.
- This field applies to all control plane components that support High Availability. Defaults to 2.
- format: int32
- type: integer
- controlPlaneTolerations:
- description: |-
- ControlPlaneTolerations specify tolerations which are then globally applied to all resources
- created by the operator.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- csiNodeDriverDaemonSet:
- description: CSINodeDriverDaemonSet configures the csi-node-driver
- DaemonSet.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the DaemonSet.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the csi-node-driver
- DaemonSet.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet.
- If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- template:
- description: Template describes the csi-node-driver DaemonSet
- pod that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the csi-node-driver DaemonSet's
- PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the csi-node-driver pods.
- If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet.
- If omitted, the csi-node-driver DaemonSet will use its default value for affinity.
- WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term,
- associated with the corresponding
- weight.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the
- same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of csi-node-driver containers.
- If specified, this overrides the specified csi-node-driver DaemonSet containers.
- If omitted, the csi-node-driver DaemonSet will use its default values for its containers.
- items:
- description: CSINodeDriverDaemonSetContainer
- is a csi-node-driver DaemonSet container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the csi-node-driver DaemonSet container by name.
- Supported values are: calico-csi, csi-node-driver-registrar.
- enum:
- - calico-csi
- - csi-node-driver-registrar
- - csi-node-driver
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named csi-node-driver DaemonSet container's resources.
- If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the csi-node-driver pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector.
- type: object
- tolerations:
- description: |-
- Tolerations is the csi-node-driver pod's tolerations.
- If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet.
- If omitted, the csi-node-driver DaemonSet will use its default value for tolerations.
- WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- fipsMode:
- description: |-
- FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards.
- Only supported for Variant=Calico.
- Default: Disabled
- enum:
- - Enabled
- - Disabled
- type: string
- flexVolumePath:
- description: |-
- FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be
- enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the
- kubernetesProvider.
- type: string
- imagePath:
- description: |-
- ImagePath allows for the path part of an image to be specified. If specified
- then the specified value will be used as the image path for each image. If not specified
- or empty, the default for each image will be used.
- A special case value, UseDefault, is supported to explicitly specify the default
- image path will be used for each image.
- Image format:
- `<registry><imagePath>/<imagePrefix><imageName>:<image-tag>`
- This option allows configuring the `<imagePath>` portion of the above format.
- type: string
- imagePrefix:
- description: |-
- ImagePrefix allows for the prefix part of an image to be specified. If specified
- then the given value will be used as a prefix on each image. If not specified
- or empty, no prefix will be used.
- A special case value, UseDefault, is supported to explicitly specify the default
- image prefix will be used for each image.
- Image format:
- `<registry><imagePath>/<imagePrefix><imageName>:<image-tag>`
- This option allows configuring the `<imagePrefix>` portion of the above format.
- type: string
- imagePullSecrets:
- description: |-
- ImagePullSecrets is an array of references to container registry pull secrets to use. These are
- applied to all images to be pulled.
- items:
- description: |-
- LocalObjectReference contains enough information to let you locate the
- referenced object inside the same namespace.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- kubeletVolumePluginPath:
- description: |-
- KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified,
- CSI will be enabled by default. If set to 'None', CSI will be disabled.
- Default: /var/lib/kubelet
- type: string
- kubernetesProvider:
- description: |-
- KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration.
- If the specified value is empty, the Operator will attempt to automatically determine the current provider.
- If the specified value is not empty, the Operator will still attempt auto-detection, but
- will additionally compare the auto-detected value to the specified value to confirm they match.
- enum:
- - ""
- - EKS
- - GKE
- - AKS
- - OpenShift
- - DockerEnterprise
- - RKE2
- - TKG
- type: string
- logging:
- description: Logging Configuration for Components
- properties:
- cni:
- description: Customized logging specification for calico-cni
- plugin
- properties:
- logFileMaxAgeDays:
- description: 'Default: 30 (days)'
- format: int32
- type: integer
- logFileMaxCount:
- description: 'Default: 10'
- format: int32
- type: integer
- logFileMaxSize:
- anyOf:
- - type: integer
- - type: string
- description: 'Default: 100Mi'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- logSeverity:
- description: 'Default: Info'
- enum:
- - Error
- - Warning
- - Info
- - Debug
- type: string
- type: object
- type: object
- nodeMetricsPort:
- description: |-
- NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled.
- If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then
- prometheus metrics may still be configured through FelixConfiguration.
- format: int32
- type: integer
- nodeUpdateStrategy:
- description: |-
- NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable
- field.
- properties:
- rollingUpdate:
- description: Rolling update config params. Present only if
- type = "RollingUpdate".
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of nodes with an existing available DaemonSet pod that
- can have an updated DaemonSet pod during during an update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up to a minimum of 1.
- Default value is 0.
- Example: when this is set to 30%, at most 30% of the total number of nodes
- that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- can have their a new pod created before the old pod is marked as deleted.
- The update starts by launching new pods on 30% of nodes. Once an updated
- pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
- on that node is marked deleted. If the old pod becomes unavailable for any
- reason (Ready transitions to false, is evicted, or is drained) an updated
- pod is immediatedly created on that node without considering surge limits.
- Allowing surge implies the possibility that the resources consumed by the
- daemonset on any given node can double if the readiness check fails, and
- so resource intensive daemonsets should take into account that they may
- cause evictions during disruption.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of DaemonSet pods that can be unavailable during the
- update. Value can be an absolute number (ex: 5) or a percentage of total
- number of DaemonSet pods at the start of the update (ex: 10%). Absolute
- number is calculated from percentage by rounding up.
- This cannot be 0 if MaxSurge is 0
- Default value is 1.
- Example: when this is set to 30%, at most 30% of the total number of nodes
- that should be running the daemon pod (i.e. status.desiredNumberScheduled)
- can have their pods stopped for an update at any given time. The update
- starts by stopping at most 30% of those DaemonSet pods and then brings
- up new DaemonSet pods in their place. Once the new pods are available,
- it then proceeds onto other DaemonSet pods, thus ensuring that at least
- 70% of original number of DaemonSet pods are available at all times during
- the update.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: Type of daemon set update. Can be "RollingUpdate"
- or "OnDelete". Default is RollingUpdate.
- type: string
- type: object
- nonPrivileged:
- description: NonPrivileged configures Calico to be run in non-privileged
- containers as non-root users where possible.
- type: string
- proxy:
- description: |-
- Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect
- to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within
- the cluster (including the API server) are exempt from proxying.
- properties:
- httpProxy:
- description: |-
- HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to
- destinations outside the cluster.
- type: string
- httpsProxy:
- description: |-
- HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to
- destinations outside the cluster.
- type: string
- noProxy:
- description: |-
- NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to
- destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including
- the Kubernetes API server, are exempt from being proxied.
- type: string
- type: object
- registry:
- description: |-
- Registry is the default Docker registry used for component Docker images.
- If specified then the given value must end with a slash character (`/`) and all images will be pulled from this registry.
- If not specified then the default registries will be used. A special case value, UseDefault, is
- supported to explicitly specify the default registries will be used.
- Image format:
- `<registry><imagePath>/<imagePrefix><imageName>:<image-tag>`
- This option allows configuring the `<registry>` portion of the above format.
- type: string
- serviceCIDRs:
- description: Kubernetes Service CIDRs. Specifying this is required
- when using Calico for Windows.
- items:
- type: string
- type: array
- typhaAffinity:
- description: |-
- Deprecated. Please use Installation.Spec.TyphaDeployment instead.
- TyphaAffinity allows configuration of node affinity characteristics for Typha pods.
- properties:
- nodeAffinity:
- description: NodeAffinity describes node affinity scheduling
- rules for typha.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated with
- the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching the
- corresponding nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- WARNING: Please note that if the affinity requirements specified by this field are not met at
- scheduling time, the pod will NOT be scheduled onto the node.
- There is no fallback to another affinity rules with this setting.
- This may cause networking disruption or even catastrophic failure!
- PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity
- unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and
- you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement.
- NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes,
- to avoid scheduling Typhas on virtual-nodes.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms.
- The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: object
- typhaDeployment:
- description: |-
- TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated
- ComponentResources or TyphaAffinity, then these overrides take precedence.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the typha Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the typha Deployment.
- If omitted, the typha Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- strategy:
- description: The deployment strategy to use to replace
- existing pods with new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if DeploymentStrategyType =
- RollingUpdate.
- to be.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be scheduled above the desired number of
- pods.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 25%.
- Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- the rolling update starts, such that the total number of old and new pods do not exceed
- 130% of desired pods. Once old pods have been killed,
- new ReplicaSet can be scaled up further, ensuring that total number of pods running
- at any time during the update is at most 130% of desired pods.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 25%.
- Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- that the total number of pods available at all times during the update is at
- least 70% of desired pods.
- x-kubernetes-int-or-string: true
- type: object
- type: object
- template:
- description: Template describes the typha Deployment pod
- that will be created.
- properties:
- metadata:
- description: |-
- Metadata is a subset of a Kubernetes object's metadata that is added to
- the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the typha Deployment's PodSpec.
- properties:
- affinity:
- description: |-
- Affinity is a group of affinity scheduling rules for the typha pods.
- If specified, this overrides any affinity that may be set on the typha Deployment.
- If omitted, the typha Deployment will use its default value for affinity.
- If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence.
- WARNING: Please note that this field will override the default calico-typha Deployment affinity.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term,
- associated with the corresponding
- weight.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node
- selector requirements by node's
- labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node
- selector requirements by node's
- fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label
- key that the selector
- applies to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the
- same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the
- matched WeightedPodAffinityTerm fields
- are added per-node to find the most
- preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is
- the label key that
- the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of typha containers.
- If specified, this overrides the specified typha Deployment containers.
- If omitted, the typha Deployment will use its default values for its containers.
- items:
- description: TyphaDeploymentContainer is a typha
- Deployment container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the typha Deployment container by name.
- Supported values are: calico-typha
- enum:
- - calico-typha
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named typha Deployment container's resources.
- If omitted, the typha Deployment will use its default value for this container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of typha init containers.
- If specified, this overrides the specified typha Deployment init containers.
- If omitted, the typha Deployment will use its default values for its init containers.
- items:
- description: TyphaDeploymentInitContainer is
- a typha Deployment init container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the typha Deployment init container by name.
- Supported values are: typha-certs-key-cert-provisioner
- enum:
- - typha-certs-key-cert-provisioner
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named typha Deployment init container's resources.
- If omitted, the typha Deployment will use its default value for this init container's resources.
- If used in conjunction with the deprecated ComponentResources, then this value takes precedence.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: |-
- NodeSelector is the calico-typha pod's scheduling constraints.
- If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided
- the key does not already exist in the object's nodeSelector.
- If omitted, the calico-typha Deployment will use its default value for nodeSelector.
- WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector.
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- If this value is nil, the default grace period will be used instead.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: |-
- Tolerations is the typha pod's tolerations.
- If specified, this overrides any tolerations that may be set on the typha Deployment.
- If omitted, the typha Deployment will use its default value for tolerations.
- WARNING: Please note that this field will override the default calico-typha Deployment tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: |-
- TopologySpreadConstraints describes how a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which abides by the constraints.
- All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given
- topology.
- properties:
- labelSelector:
- description: |-
- LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select the pods over which
- spreading will be calculated. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading will be calculated
- for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't set.
- Keys that don't exist in the incoming pod labels will
- be ignored. A null or empty list means only match against labelSelector.
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: |-
- MaxSkew describes the degree to which pods may be unevenly distributed.
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- between the number of matching pods in the target topology and the global minimum.
- The global minimum is the minimum number of matching pods in an eligible domain
- or zero if the number of eligible domains is less than MinDomains.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 2/2/1:
- In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 |
- | P P | P P | P |
- - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1).
- - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- to topologies that satisfy it.
- It's a required field. Default value is 1 and 0 is not allowed.
- format: int32
- type: integer
- minDomains:
- description: |-
- MinDomains indicates a minimum number of eligible domains.
- When the number of eligible domains with matching topology keys is less than minDomains,
- Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- this value has no effect on scheduling.
- As a result, when the number of eligible domains is less than minDomains,
- scheduler won't schedule more than maxSkew Pods to those domains.
- If value is nil, the constraint behaves as if MinDomains is equal to 1.
- Valid values are integers greater than 0.
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 |
- | P P | P P | P P |
- The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- In this situation, new pod with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew.
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: |-
- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew. Options are:
- - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- If this value is nil, the behavior is equivalent to the Honor policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- nodeTaintsPolicy:
- description: |-
- NodeTaintsPolicy indicates how we will treat node taints when calculating
- pod topology spread skew. Options are:
- - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- has a toleration, are included.
- - Ignore: node taints are ignored. All nodes are included.
- If this value is nil, the behavior is equivalent to the Ignore policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- topologyKey:
- description: |-
- TopologyKey is the key of node labels. Nodes that have a label with this key
- and identical values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and try to put balanced number
- of pods into each bucket.
- We define a domain as a particular instance of a topology.
- Also, we define an eligible domain as a domain whose nodes meet the requirements of
- nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: |-
- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- the spread constraint.
- - DoNotSchedule (default) tells the scheduler not to schedule it.
- - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- but giving higher precedence to topologies that would help reduce the
- skew.
- A constraint is considered "Unsatisfiable" for an incoming pod
- if and only if every possible node assignment for that pod would violate
- "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1:
- | zone1 | zone2 | zone3 |
- | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- won't make it *more* imbalanced.
- It's a required field.
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- typhaMetricsPort:
- description: TyphaMetricsPort specifies which port calico/typha
- serves prometheus metrics on. By default, metrics are not enabled.
- format: int32
- type: integer
- variant:
- description: |-
- Variant is the product to install - one of Calico or TigeraSecureEnterprise
- Default: Calico
- enum:
- - Calico
- - TigeraSecureEnterprise
- type: string
- windowsNodes:
- description: Windows Configuration
- properties:
- cniBinDir:
- description: |-
- CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as 'bin_dir' under
- [plugins]
- [plugins."io.containerd.grpc.v1.cri"]
- [plugins."io.containerd.grpc.v1.cri".cni]
- on the containerd 'config.toml' file on the Windows nodes.
- type: string
- cniConfigDir:
- description: |-
- CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as 'conf_dir' under
- [plugins]
- [plugins."io.containerd.grpc.v1.cri"]
- [plugins."io.containerd.grpc.v1.cri".cni]
- on the containerd 'config.toml' file on the Windows nodes.
- type: string
- cniLogDir:
- description: CNILogDir is the path to the Calico CNI logs
- directory on Windows.
- type: string
- vxlanAdapter:
- description: VXLANAdapter is the Network Adapter used for
- VXLAN, leave blank for primary NIC
- type: string
- vxlanMACPrefix:
- description: VXLANMACPrefix is the prefix used when generating
- MAC addresses for virtual NICs
- pattern: ^[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}$
- type: string
- type: object
- type: object
- conditions:
- description: |-
- Conditions represents the latest observed set of conditions for the component. A component may be one or more of
- Ready, Progressing, Degraded or other customer types.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- imageSet:
- description: |-
- ImageSet is the name of the ImageSet being used, if there is an ImageSet
- that is being used. If an ImageSet is not being used then this will not be set.
- type: string
- mtu:
- description: |-
- MTU is the most recently observed value for pod network MTU. This may be an explicitly
- configured value, or based on Calico's native auto-detetion.
- format: int32
- type: integer
- variant:
- description: Variant is the most recently observed installed variant
- - one of Calico or TigeraSecureEnterprise
- enum:
- - Calico
- - TigeraSecureEnterprise
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
-# Source: crds/operator.tigera.io_managementclusterconnections_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: managementclusterconnections.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: ManagementClusterConnection
- listKind: ManagementClusterConnectionList
- plural: managementclusterconnections
- singular: managementclusterconnection
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: |-
- ManagementClusterConnection represents a link between a managed cluster and a management cluster. At most one
- instance of this resource is supported. It must be named "tigera-secure".
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ManagementClusterConnectionSpec defines the desired state
- of ManagementClusterConnection
- properties:
- guardianDeployment:
- description: GuardianDeployment configures the guardian Deployment.
- properties:
- spec:
- description: Spec is the specification of the guardian Deployment.
- properties:
- template:
- description: Template describes the guardian Deployment pod
- that will be created.
- properties:
- spec:
- description: Spec is the guardian Deployment's PodSpec.
- properties:
- containers:
- description: |-
- Containers is a list of guardian containers.
- If specified, this overrides the specified guardian Deployment containers.
- If omitted, the guardian Deployment will use its default values for its containers.
- items:
- description: GuardianDeploymentContainer is a guardian
- Deployment container.
- properties:
- name:
- description: |-
- Name is an enum which identifies the guardian Deployment container by name.
- Supported values are: tigera-guardian
- enum:
- - tigera-guardian
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named guardian Deployment container's resources.
- If omitted, the guardian Deployment will use its default value for this container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- initContainers:
- description: |-
- InitContainers is a list of guardian init containers.
- If specified, this overrides the specified guardian Deployment init containers.
- If omitted, the guardian Deployment will use its default values for its init containers.
- items:
- description: GuardianDeploymentInitContainer is
- a guardian Deployment init container.
- properties:
- name:
- description: Name is an enum which identifies
- the guardian Deployment init container by
- name.
- type: string
- resources:
- description: |-
- Resources allows customization of limits and requests for compute resources such as cpu and memory.
- If specified, this overrides the named guardian Deployment init container's resources.
- If omitted, the guardian Deployment will use its default value for this init container's resources.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- managementClusterAddr:
- description: |-
- Specify where the managed cluster can reach the management cluster. Ex.: "10.128.0.10:30449". A managed cluster
- should be able to access this address. This field is used by managed clusters only.
- type: string
- tls:
- description: TLS provides options for configuring how Managed Clusters
- can establish an mTLS connection with the Management Cluster.
- properties:
- ca:
- description: |-
- CA indicates which verification method the tunnel client should use to verify the tunnel server's identity.
- When left blank or set to 'Tigera', the tunnel client will expect a self-signed cert to be included in the certificate bundle
- and will expect the cert to have a Common Name (CN) of 'voltron'.
- When set to 'Public', the tunnel client will use its installed system certs and will use the managementClusterAddr to verify the tunnel server's identity.
- Default: Tigera
- enum:
- - Tigera
- - Public
- type: string
- type: object
- type: object
- status:
- description: ManagementClusterConnectionStatus defines the observed state
- of ManagementClusterConnection
- properties:
- conditions:
- description: |-
- Conditions represents the latest observed set of conditions for the component. A component may be one or more of
- Ready, Progressing, Degraded or other customer types.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
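Review bot: The removal of the ManagementClusterConnection schema that ends here drops the only validation of `tls.ca` shown in this patch (the enum `Tigera` / `Public`), and nothing in the visible lines says where the definition lives afterwards. The removed description is also the only statement of what each mode verifies: a self-signed cert with CN 'voltron' in the bundle for `Tigera`, and system certs checked against managementClusterAddr for `Public`. Please state in the commit message or upgrade notes which manifest now installs this CRD, and confirm that the replacement keeps the enum, the required condition fields and the `status` subresource. If the CRD is ever removed from a cluster rather than relocated, the existing ManagementClusterConnection objects are deleted with it, so the upgrade path should say explicitly that this manifest must not be pruned before the replacement is applied.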
----
-# Source: crds/operator.tigera.io_tigerastatuses_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: tigerastatuses.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: TigeraStatus
- listKind: TigeraStatusList
- plural: tigerastatuses
- singular: tigerastatus
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - description: Whether the component running and stable.
- jsonPath: .status.conditions[?(@.type=='Available')].status
- name: Available
- type: string
- - description: Whether the component is processing changes.
- jsonPath: .status.conditions[?(@.type=='Progressing')].status
- name: Progressing
- type: string
- - description: Whether the component is degraded.
- jsonPath: .status.conditions[?(@.type=='Degraded')].status
- name: Degraded
- type: string
- - description: The time the component's Available status last changed.
- jsonPath: .status.conditions[?(@.type=='Available')].lastTransitionTime
- name: Since
- type: date
- name: v1
- schema:
- openAPIV3Schema:
- description: TigeraStatus represents the most recently observed status for
- Calico or a Calico Enterprise functional area.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: TigeraStatusSpec defines the desired state of TigeraStatus
- type: object
- status:
- description: TigeraStatusStatus defines the observed state of TigeraStatus
- properties:
- conditions:
- description: |-
- Conditions represents the latest observed set of conditions for this component. A component may be one or more of
- Available, Progressing, or Degraded.
- items:
- description: TigeraStatusCondition represents a condition attached
- to a particular component.
- properties:
- lastTransitionTime:
- description: The timestamp representing the start time for the
- current status.
- format: date-time
- type: string
- message:
- description: Optionally, a detailed message providing additional
- context.
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the generation that the condition was set based upon.
- For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- type: integer
- reason:
- description: A brief reason explaining the condition.
- type: string
- status:
- description: The status of the condition. May be True, False,
- or Unknown.
- type: string
- type:
- description: The type of condition. May be Available, Progressing,
- or Degraded.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- required:
- - conditions
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
-# Source: crds/operator.tigera.io_whiskers_crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: whiskers.operator.tigera.io
-spec:
- group: operator.tigera.io
- names:
- kind: Whisker
- listKind: WhiskerList
- plural: whiskers
- singular: whisker
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- notifications:
- description: |-
- Default: Enabled
- This setting enables calls to an external API to retrieve notification banner text in the Whisker UI.
- Allowed values are Enabled or Disabled. Defaults to Enabled.
- type: string
- whiskerDeployment:
- description: WhiskerDeployment is the configuration for the whisker
- Deployment.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's metadata
- that is added to the Deployment.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the specification of the whisker Deployment.
- properties:
- minReadySeconds:
- description: |-
- MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should
- be ready without any of its container crashing, for it to be considered available.
- If specified, this overrides any minReadySeconds value that may be set on the whisker Deployment.
- If omitted, the whisker Deployment will use its default value for minReadySeconds.
- format: int32
- maximum: 2147483647
- minimum: 0
- type: integer
- strategy:
- description: The deployment strategy to use to replace existing
- pods with new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if DeploymentStrategyType =
- RollingUpdate.
- to be.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be scheduled above the desired number of
- pods.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 25%.
- Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
- the rolling update starts, such that the total number of old and new pods do not exceed
- 130% of desired pods. Once old pods have been killed,
- new ReplicaSet can be scaled up further, ensuring that total number of pods running
- at any time during the update is at most 130% of desired pods.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of pods that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 25%.
- Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
- immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
- can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
- that the total number of pods available at all times during the update is at
- least 70% of desired pods.
- x-kubernetes-int-or-string: true
- type: object
- type: object
- template:
- description: Template describes the whisker Deployment pod
- that will be created.
- properties:
- metadata:
- description: Metadata is a subset of a Kubernetes object's
- metadata that is added to the pod's metadata.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- Annotations is a map of arbitrary non-identifying metadata. Each of these
- key/value pairs are added to the object's annotations provided the key does not
- already exist in the object's annotations.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Labels is a map of string keys and values that may match replicaset and
- service selectors. Each of these key/value pairs are added to the
- object's labels provided the key does not already exist in the object's labels.
- type: object
- type: object
- spec:
- description: Spec is the whisker Deployment's PodSpec.
- properties:
- affinity:
- description: Affinity is a group of affinity scheduling
- rules for the whisker pods.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node matches the corresponding matchExpressions; the
- node(s) with the highest sum are the most preferred.
- items:
- description: |-
- An empty preferred scheduling term matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: |-
- A null or empty node selector term matches no objects. The requirements of
- them are ANDed.
- The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: |-
- A node selector requirement is a selector that contains values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: |-
- Represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- type: string
- values:
- description: |-
- An array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. If the operator is Gt or Lt, the values
- array must have a single element, which will be interpreted as an integer.
- This array is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- x-kubernetes-map-type: atomic
- type: array
- x-kubernetes-list-type: atomic
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: |-
- The scheduler will prefer to schedule pods to nodes that satisfy
- the anti-affinity expressions specified by this field, but it may choose
- a node that violates one or more of the expressions. The node that is
- most preferred is the one with the greatest sum of weights, i.e.
- for each node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions, etc.),
- compute a sum by iterating through the elements of this field and adding
- "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: |-
- weight associated with matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- x-kubernetes-list-type: atomic
- requiredDuringSchedulingIgnoredDuringExecution:
- description: |-
- If the anti-affinity requirements specified by this field are not met at
- scheduling time, the pod will not be scheduled onto the node.
- If the anti-affinity requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod label update), the
- system may or may not try to eventually evict the pod from its node.
- When there are multiple elements, the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all terms must be satisfied.
- items:
- description: |-
- Defines a set of pods (namely those matching the labelSelector
- relative to the given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity) with,
- where co-located is defined as running on a node whose value of
- the label with key <topologyKey> matches that of any node on which
- a pod of the set of pods is running
- properties:
- labelSelector:
- description: |-
- A label query over a set of resources, in this case pods.
- If it's null, this PodAffinityTerm matches with no Pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both matchLabelKeys and labelSelector.
- Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- mismatchLabelKeys:
- description: |-
- MismatchLabelKeys is a set of pod label keys to select which pods will
- be taken into consideration. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
- to select the group of existing pods which pods will be taken into consideration
- for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
- pod labels will be ignored. The default value is empty.
- The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
- Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- namespaceSelector:
- description: |-
- A label query over the set of namespaces that the term applies to.
- The term is applied to the union of the namespaces selected by this field
- and the ones listed in the namespaces field.
- null selector and null or empty namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: |-
- namespaces specifies a static list of namespace names that the term applies to.
- The term is applied to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector.
- null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- topologyKey:
- description: |-
- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where co-located is defined as running on a node
- whose value of the label with key topologyKey matches that of any node on which any of the
- selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: object
- containers:
- description: |-
- Containers is a list of whisker containers.
- If specified, this overrides the specified EGW Deployment containers.
- If omitted, the whisker Deployment will use its default values for its containers.
- items:
- properties:
- name:
- enum:
- - whisker
- - whisker-backend
- type: string
- resources:
- description: ResourceRequirements describes
- the compute resource requirements.
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- request:
- description: |-
- Request is the name chosen for a request in the referenced claim.
- If empty, everything from the claim is made available, otherwise
- only the result of this request.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- nodeSelector:
- additionalProperties:
- type: string
- description: NodeSelector gives more control over
- the nodes where the whisker pods will run on.
- type: object
- priorityClassName:
- description: PriorityClassName allows to specify a
- PriorityClass resource to be used.
- type: string
- terminationGracePeriodSeconds:
- description: TerminationGracePeriodSeconds defines
- the termination grace period of the whisker pods
- in seconds.
- format: int64
- minimum: 0
- type: integer
- tolerations:
- description: |-
- Tolerations is the whisker pod's tolerations.
- If specified, this overrides any tolerations that may be set on the whisker Deployment.
- If omitted, the whisker Deployment will use its default value for tolerations.
- items:
- description: |-
- The pod this Toleration is attached to tolerates any taint that matches
- the triple <key,value,effect> using the matching operator <operator>.
- properties:
- effect:
- description: |-
- Effect indicates the taint effect to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: |-
- Key is the taint key that the toleration applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- type: string
- operator:
- description: |-
- Operator represents a key's relationship to the value.
- Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod can
- tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: |-
- TolerationSeconds represents the period of time the toleration (which must be
- of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint forever (do not evict). Zero and
- negative values will be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: |-
- Value is the taint value the toleration matches to.
- If the operator is Exists, the value should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: |-
- TopologySpreadConstraints describes how a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which abides by the constraints.
- All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: |-
- LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: |-
- MatchLabelKeys is a set of pod label keys to select the pods over which
- spreading will be calculated. The keys are used to lookup values from the
- incoming pod labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading will be calculated
- for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't set.
- Keys that don't exist in the incoming pod labels will
- be ignored. A null or empty list means only match against labelSelector.
- This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: |-
- MaxSkew describes the degree to which pods may be unevenly distributed.
- When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
- between the number of matching pods in the target topology and the global minimum.
- The global minimum is the minimum number of matching pods in an eligible domain
- or zero if the number of eligible domains is less than MinDomains.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 2/2/1:
- In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 |
- | P P | P P | P |
- - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1).
- - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
- When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
- to topologies that satisfy it.
- It's a required field. Default value is 1 and 0 is not allowed.
- format: int32
- type: integer
- minDomains:
- description: |-
- MinDomains indicates a minimum number of eligible domains.
- When the number of eligible domains with matching topology keys is less than minDomains,
- Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
- And when the number of eligible domains with matching topology keys equals or greater than minDomains,
- this value has no effect on scheduling.
- As a result, when the number of eligible domains is less than minDomains,
- scheduler won't schedule more than maxSkew Pods to those domains.
- If value is nil, the constraint behaves as if MinDomains is equal to 1.
- Valid values are integers greater than 0.
- When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 |
- | P P | P P | P P |
- The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
- In this situation, new pod with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew.
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: |-
- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew. Options are:
- - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
- If this value is nil, the behavior is equivalent to the Honor policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- nodeTaintsPolicy:
- description: |-
- NodeTaintsPolicy indicates how we will treat node taints when calculating
- pod topology spread skew. Options are:
- - Honor: nodes without taints, along with tainted nodes for which the incoming pod
- has a toleration, are included.
- - Ignore: node taints are ignored. All nodes are included.
- If this value is nil, the behavior is equivalent to the Ignore policy.
- This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- type: string
- topologyKey:
- description: |-
- TopologyKey is the key of node labels. Nodes that have a label with this key
- and identical values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and try to put balanced number
- of pods into each bucket.
- We define a domain as a particular instance of a topology.
- Also, we define an eligible domain as a domain whose nodes meet the requirements of
- nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
- And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: |-
- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
- the spread constraint.
- - DoNotSchedule (default) tells the scheduler not to schedule it.
- - ScheduleAnyway tells the scheduler to schedule the pod in any location,
- but giving higher precedence to topologies that would help reduce the
- skew.
- A constraint is considered "Unsatisfiable" for an incoming pod
- if and only if every possible node assignment for that pod would violate
- "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1:
- | zone1 | zone2 | zone3 |
- | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
- to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
- won't make it *more* imbalanced.
- It's a required field.
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- type: object
- status:
- description: WhiskerStatus defines the observed state of Whisker
- properties:
- conditions:
- description: |-
- Conditions represents the latest observed set of conditions for the component. A component may be one or more of
- Ready, Progressing, Degraded or other customer types.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
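Review bot: nothing in the lines removed up to this point says where the definition ending here (the one whose status is `WhiskerStatus`, with `served: true` and `storage: true` for `v1`) is installed from once this file is gone. Please state that in the change description or the upgrade notes. Custom resources of a kind only exist while its CRD is installed, so a reader needs to know this is a relocation and not a removal. If the schema is regenerated elsewhere, the `containers` description also needs fixing at its source: it says "this overrides the specified EGW Deployment containers", while the next sentence and the `whisker` / `whisker-backend` enum are about the whisker Deployment.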
----
-# Source: crds/crd.projectcalico.org_bgpconfigurations.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: bgpconfigurations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BGPConfiguration
- listKind: BGPConfigurationList
- plural: bgpconfigurations
- singular: bgpconfiguration
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: BGPConfiguration contains the configuration for any BGP routing.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: BGPConfigurationSpec contains the values of the BGP configuration.
- properties:
- asNumber:
- description: 'ASNumber is the default AS number used by a node. [Default:
- 64512]'
- format: int32
- type: integer
- bindMode:
- description: |-
- BindMode indicates whether to listen for BGP connections on all addresses (None)
- or only on the node's canonical IP address Node.Spec.BGP.IPvXAddress (NodeIP).
- Default behaviour is to listen for BGP connections on all addresses.
- type: string
- communities:
- description: Communities is a list of BGP community values and their
- arbitrary names for tagging routes.
- items:
- description: Community contains standard or large community value
- and its name.
- properties:
- name:
- description: Name given to community value.
- type: string
- value:
- description: |-
- Value must be of format `aa:nn` or `aa:nn:mm`.
- For standard community use `aa:nn` format, where `aa` and `nn` are 16 bit number.
- For large community use `aa:nn:mm` format, where `aa`, `nn` and `mm` are 32 bit number.
- Where, `aa` is an AS Number, `nn` and `mm` are per-AS identifier.
- pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$
- type: string
- type: object
- type: array
- ignoredInterfaces:
- description: IgnoredInterfaces indicates the network interfaces that
- needs to be excluded when reading device routes.
- items:
- type: string
- type: array
- listenPort:
- description: ListenPort is the port where BGP protocol should listen.
- Defaults to 179
- maximum: 65535
- minimum: 1
- type: integer
- localWorkloadPeeringIPV4:
- description: |-
- The virtual IPv4 address of the node with which its local workload is expected to peer.
- It is recommended to use a link-local address.
- type: string
- localWorkloadPeeringIPV6:
- description: |-
- The virtual IPv6 address of the node with which its local workload is expected to peer.
- It is recommended to use a link-local address.
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which logs
- are sent to the stdout. [Default: INFO]'
- type: string
- nodeMeshMaxRestartTime:
- description: |-
- Time to allow for software restart for node-to-mesh peerings. When specified, this is configured
- as the graceful restart timeout. When not specified, the BIRD default of 120s is used.
- This field can only be set on the default BGPConfiguration instance and requires that NodeMesh is enabled
- type: string
- nodeMeshPassword:
- description: |-
- Optional BGP password for full node-to-mesh peerings.
- This field can only be set on the default BGPConfiguration instance and requires that NodeMesh is enabled
- properties:
- secretKeyRef:
- description: Selects a key of a secret in the node pod's namespace.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- nodeToNodeMeshEnabled:
- description: 'NodeToNodeMeshEnabled sets whether full node to node
- BGP mesh is enabled. [Default: true]'
- type: boolean
- prefixAdvertisements:
- description: PrefixAdvertisements contains per-prefix advertisement
- configuration.
- items:
- description: PrefixAdvertisement configures advertisement properties
- for the specified CIDR.
- properties:
- cidr:
- description: CIDR for which properties should be advertised.
- type: string
- communities:
- description: |-
- Communities can be list of either community names already defined in `Specs.Communities` or community value of format `aa:nn` or `aa:nn:mm`.
- For standard community use `aa:nn` format, where `aa` and `nn` are 16 bit number.
- For large community use `aa:nn:mm` format, where `aa`, `nn` and `mm` are 32 bit number.
- Where,`aa` is an AS Number, `nn` and `mm` are per-AS identifier.
- items:
- type: string
- type: array
- type: object
- type: array
- serviceClusterIPs:
- description: |-
- ServiceClusterIPs are the CIDR blocks from which service cluster IPs are allocated.
- If specified, Calico will advertise these blocks, as well as any cluster IPs within them.
- items:
- description: ServiceClusterIPBlock represents a single allowed ClusterIP
- CIDR block.
- properties:
- cidr:
- type: string
- type: object
- type: array
- serviceExternalIPs:
- description: |-
- ServiceExternalIPs are the CIDR blocks for Kubernetes Service External IPs.
- Kubernetes Service ExternalIPs will only be advertised if they are within one of these blocks.
- items:
- description: ServiceExternalIPBlock represents a single allowed
- External IP CIDR block.
- properties:
- cidr:
- type: string
- type: object
- type: array
- serviceLoadBalancerIPs:
- description: |-
- ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes Service LoadBalancer IPs.
- Kubernetes Service status.LoadBalancer.Ingress IPs will only be advertised if they are within one of these blocks.
- items:
- description: ServiceLoadBalancerIPBlock represents a single allowed
- LoadBalancer IP CIDR block.
- properties:
- cidr:
- type: string
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
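Review bot: the `value` pattern under `spec.communities` (`^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$`) accepts any run of digits, so the 16-bit and 32-bit limits stated in its description are not enforced by this schema, and the `cidr` fields under `prefixAdvertisements`, `serviceClusterIPs`, `serviceExternalIPs` and `serviceLoadBalancerIPs` are plain strings with no format or pattern. Since this hunk removes the definition, whatever installs `bgpconfigurations.crd.projectcalico.org` from now on should keep at least the `listenPort` bounds (1 to 65535) and the community pattern, with range and CIDR checks handled at admission or in the controller. Please also confirm in the change description that the CRD is still installed from another source: deleting a CRD from a cluster deletes its custom resources, and the default BGPConfiguration is where `nodeMeshPassword` and the advertised service CIDR blocks are set.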
----
-# Source: crds/crd.projectcalico.org_bgpfilters.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: bgpfilters.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BGPFilter
- listKind: BGPFilterList
- plural: bgpfilters
- singular: bgpfilter
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: BGPFilterSpec contains the IPv4 and IPv6 filter rules of
- the BGP Filter.
- properties:
- exportV4:
- description: The ordered set of IPv4 BGPFilter rules acting on exporting
- routes to a peer.
- items:
- description: BGPFilterRuleV4 defines a BGP filter rule consisting
- a single IPv4 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- prefixLength:
- properties:
- max:
- format: int32
- maximum: 32
- minimum: 0
- type: integer
- min:
- format: int32
- maximum: 32
- minimum: 0
- type: integer
- type: object
- source:
- type: string
- required:
- - action
- type: object
- type: array
- exportV6:
- description: The ordered set of IPv6 BGPFilter rules acting on exporting
- routes to a peer.
- items:
- description: BGPFilterRuleV6 defines a BGP filter rule consisting
- a single IPv6 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- prefixLength:
- properties:
- max:
- format: int32
- maximum: 128
- minimum: 0
- type: integer
- min:
- format: int32
- maximum: 128
- minimum: 0
- type: integer
- type: object
- source:
- type: string
- required:
- - action
- type: object
- type: array
- importV4:
- description: The ordered set of IPv4 BGPFilter rules acting on importing
- routes from a peer.
- items:
- description: BGPFilterRuleV4 defines a BGP filter rule consisting
- a single IPv4 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- prefixLength:
- properties:
- max:
- format: int32
- maximum: 32
- minimum: 0
- type: integer
- min:
- format: int32
- maximum: 32
- minimum: 0
- type: integer
- type: object
- source:
- type: string
- required:
- - action
- type: object
- type: array
- importV6:
- description: The ordered set of IPv6 BGPFilter rules acting on importing
- routes from a peer.
- items:
- description: BGPFilterRuleV6 defines a BGP filter rule consisting
- a single IPv6 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- prefixLength:
- properties:
- max:
- format: int32
- maximum: 128
- minimum: 0
- type: integer
- min:
- format: int32
- maximum: 128
- minimum: 0
- type: integer
- type: object
- source:
- type: string
- required:
- - action
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
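Review bot: in all four rule lists (`exportV4`, `exportV6`, `importV4`, `importV6`) the `action`, `matchOperator`, `source`, `interface` and `cidr` properties are bare `type: string`, and only `action` is required, so this schema lets the API server store a rule with any action or operator text and an unparseable CIDR. `prefixLength` bounds `min` and `max` individually (0 to 32 for V4, 0 to 128 for V6) but nothing requires `min` to be no greater than `max`. If the BGPFilter CRD is being moved rather than dropped, the replacement is the place to add enums for `action`, `matchOperator` and `source` and a cross-field rule for `prefixLength`, so that a malformed route filter is rejected at admission instead of being accepted and then failing to take effect on the peering.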
----
-# Source: crds/crd.projectcalico.org_bgppeers.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: bgppeers.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BGPPeer
- listKind: BGPPeerList
- plural: bgppeers
- singular: bgppeer
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: BGPPeerSpec contains the specification for a BGPPeer resource.
- properties:
- asNumber:
- description: The AS Number of the peer.
- format: int32
- type: integer
- filters:
- description: The ordered set of BGPFilters applied on this BGP peer.
- items:
- type: string
- type: array
- keepOriginalNextHop:
- description: |-
- Option to keep the original nexthop field when routes are sent to a BGP Peer.
- Setting "true" configures the selected BGP Peers node to use the "next hop keep;"
- instead of "next hop self;"(default) in the specific branch of the Node on "bird.cfg".
- Note: that this field is deprecated. Users should use the NextHopMode field to control
- the next hop attribute for a BGP peer.
- type: boolean
- localWorkloadSelector:
- description: |-
- Selector for the local workload that the node should peer with. When this is set, the peerSelector and peerIP fields must be empty,
- and the ASNumber must not be empty.
- type: string
- maxRestartTime:
- description: |-
- Time to allow for software restart. When specified, this is configured as the graceful
- restart timeout. When not specified, the BIRD default of 120s is used.
- type: string
- nextHopMode:
- allOf:
- - enum:
- - Auto
- - Self
- - Keep
- - enum:
- - Auto
- - Self
- - Keep
- description: |-
- NextHopMode defines the method of calculating the next hop attribute for received routes.
- This replaces and expands the deprecated KeepOriginalNextHop field.
- Users should use this setting to control the next hop attribute for a BGP peer.
- When this is set, the value of the KeepOriginalNextHop field is ignored.
- if neither keepOriginalNextHop or nextHopMode is specified, BGP's default behaviour is used.
- Set it to “Auto” to apply BGP’s default behaviour.
- Set it to "Self" to configure "next hop self;" in "bird.cfg".
- Set it to "Keep" to configure "next hop keep;" in "bird.cfg".
- type: string
- node:
- description: |-
- The node name identifying the Calico node instance that is targeted by this peer.
- If this is not set, and no nodeSelector is specified, then this BGP peer selects all
- nodes in the cluster.
- type: string
- nodeSelector:
- description: |-
- Selector for the nodes that should have this peering. When this is set, the Node
- field must be empty.
- type: string
- numAllowedLocalASNumbers:
- description: |-
- Maximum number of local AS numbers that are allowed in the AS path for received routes.
- This removes BGP loop prevention and should only be used if absolutely necessary.
- format: int32
- type: integer
- password:
- description: Optional BGP password for the peerings generated by this
- BGPPeer resource.
- properties:
- secretKeyRef:
- description: Selects a key of a secret in the node pod's namespace.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- peerIP:
- description: |-
- The IP address of the peer followed by an optional port number to peer with.
- If port number is given, format should be `[<IPv6>]:port` or `<IPv4>:<port>` for IPv4.
- If optional port number is not set, and this peer IP and ASNumber belongs to a calico/node
- with ListenPort set in BGPConfiguration, then we use that port to peer.
- type: string
- peerSelector:
- description: |-
- Selector for the remote nodes to peer with. When this is set, the PeerIP and
- ASNumber fields must be empty. For each peering between the local node and
- selected remote nodes, we configure an IPv4 peering if both ends have
- NodeBGPSpec.IPv4Address specified, and an IPv6 peering if both ends have
- NodeBGPSpec.IPv6Address specified. The remote AS number comes from the remote
- node's NodeBGPSpec.ASNumber, or the global default if that is not set.
- type: string
- reachableBy:
- description: |-
- Add an exact, i.e. /32, static route toward peer IP in order to prevent route flapping.
- ReachableBy contains the address of the gateway which peer can be reached by.
- type: string
- reversePeering:
- description: |-
- ReversePeering, for peerings between Calico nodes controls whether
- the reverse peering from nodes selected by peerSelector is generated
- automatically. If set to Manual, a separate BGPPeer must be created
- for the reverse peering. [Default: Auto]
- enum:
- - Auto
- - Manual
- type: string
- sourceAddress:
- description: |-
- Specifies whether and how to configure a source address for the peerings generated by
- this BGPPeer resource. Default value "UseNodeIP" means to configure the node IP as the
- source address. "None" means not to configure a source address.
- type: string
- ttlSecurity:
- description: |-
- TTLSecurity enables the generalized TTL security mechanism (GTSM) which protects against spoofed packets by
- ignoring received packets with a smaller than expected TTL value. The provided value is the number of hops
- (edges) between the peers.
- type: integer
- type: object
- type: object
- served: true
- storage: true
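Review bot: `ttlSecurity` and `numAllowedLocalASNumbers` are declared as integers with no `minimum` or `maximum`, although the first is a GTSM hop count and the second, per its own description, "removes BGP loop prevention"; both deserve explicit bounds in whichever definition replaces this one, as `listenPort` has in BGPConfiguration. Under `password.secretKeyRef`, `name` defaults to `""` and only `key` is required, so a peer whose password reference names no Secret passes schema validation even though the description calls such instances "almost certainly wrong"; a `minLength` on `name`, or a controller-side rejection, would close that gap. Minor: `nextHopMode` lists the same `Auto`/`Self`/`Keep` enum twice under `allOf`, which looks like a generator artifact and can be collapsed to a single `enum`.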
----
-# Source: crds/crd.projectcalico.org_blockaffinities.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: blockaffinities.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BlockAffinity
- listKind: BlockAffinityList
- plural: blockaffinities
- singular: blockaffinity
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: BlockAffinitySpec contains the specification for a BlockAffinity
- resource.
- properties:
- cidr:
- type: string
- deleted:
- description: |-
- Deleted indicates that this block affinity is being deleted.
- This field is a string for compatibility with older releases that
- mistakenly treat this field as a string.
- type: string
- node:
- type: string
- state:
- type: string
- type:
- type: string
- required:
- - cidr
- - deleted
- - node
- - state
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_caliconodestatuses.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: caliconodestatuses.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: CalicoNodeStatus
- listKind: CalicoNodeStatusList
- plural: caliconodestatuses
- singular: caliconodestatus
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
- resource.
- properties:
- classes:
- description: |-
- Classes declares the types of information to monitor for this calico/node,
- and allows for selective status reporting about certain subsets of information.
- items:
- type: string
- type: array
- node:
- description: The node name identifies the Calico node instance for
- node status.
- type: string
- updatePeriodSeconds:
- description: |-
- UpdatePeriodSeconds is the period at which CalicoNodeStatus should be updated.
- Set to 0 to disable CalicoNodeStatus refresh. Maximum update period is one day.
- format: int32
- type: integer
- type: object
- status:
- description: |-
- CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
- No validation needed for status since it is updated by Calico.
- properties:
- agent:
- description: Agent holds agent status on the node.
- properties:
- birdV4:
- description: BIRDV4 represents the latest observed status of bird4.
- properties:
- lastBootTime:
- description: LastBootTime holds the value of lastBootTime
- from bird.ctl output.
- type: string
- lastReconfigurationTime:
- description: LastReconfigurationTime holds the value of lastReconfigTime
- from bird.ctl output.
- type: string
- routerID:
- description: Router ID used by bird.
- type: string
- state:
- description: The state of the BGP Daemon.
- type: string
- version:
- description: Version of the BGP daemon
- type: string
- type: object
- birdV6:
- description: BIRDV6 represents the latest observed status of bird6.
- properties:
- lastBootTime:
- description: LastBootTime holds the value of lastBootTime
- from bird.ctl output.
- type: string
- lastReconfigurationTime:
- description: LastReconfigurationTime holds the value of lastReconfigTime
- from bird.ctl output.
- type: string
- routerID:
- description: Router ID used by bird.
- type: string
- state:
- description: The state of the BGP Daemon.
- type: string
- version:
- description: Version of the BGP daemon
- type: string
- type: object
- type: object
- bgp:
- description: BGP holds node BGP status.
- properties:
- numberEstablishedV4:
- description: The total number of IPv4 established bgp sessions.
- type: integer
- numberEstablishedV6:
- description: The total number of IPv6 established bgp sessions.
- type: integer
- numberNotEstablishedV4:
- description: The total number of IPv4 non-established bgp sessions.
- type: integer
- numberNotEstablishedV6:
- description: The total number of IPv6 non-established bgp sessions.
- type: integer
- peersV4:
- description: PeersV4 represents IPv4 BGP peers status on the node.
- items:
- description: CalicoNodePeer contains the status of BGP peers
- on the node.
- properties:
- peerIP:
- description: IP address of the peer whose condition we are
- reporting.
- type: string
- since:
- description: Since the state or reason last changed.
- type: string
- state:
- description: State is the BGP session state.
- type: string
- type:
- description: |-
- Type indicates whether this peer is configured via the node-to-node mesh,
- or via en explicit global or per-node BGPPeer object.
- type: string
- type: object
- type: array
- peersV6:
- description: PeersV6 represents IPv6 BGP peers status on the node.
- items:
- description: CalicoNodePeer contains the status of BGP peers
- on the node.
- properties:
- peerIP:
- description: IP address of the peer whose condition we are
- reporting.
- type: string
- since:
- description: Since the state or reason last changed.
- type: string
- state:
- description: State is the BGP session state.
- type: string
- type:
- description: |-
- Type indicates whether this peer is configured via the node-to-node mesh,
- or via en explicit global or per-node BGPPeer object.
- type: string
- type: object
- type: array
- required:
- - numberEstablishedV4
- - numberEstablishedV6
- - numberNotEstablishedV4
- - numberNotEstablishedV6
- type: object
- lastUpdated:
- description: |-
- LastUpdated is a timestamp representing the server time when CalicoNodeStatus object
- last updated. It is represented in RFC3339 form and is in UTC.
- format: date-time
- nullable: true
- type: string
- routes:
- description: Routes reports routes known to the Calico BGP daemon
- on the node.
- properties:
- routesV4:
- description: RoutesV4 represents IPv4 routes on the node.
- items:
- description: CalicoNodeRoute contains the status of BGP routes
- on the node.
- properties:
- destination:
- description: Destination of the route.
- type: string
- gateway:
- description: Gateway for the destination.
- type: string
- interface:
- description: Interface for the destination
- type: string
- learnedFrom:
- description: LearnedFrom contains information regarding
- where this route originated.
- properties:
- peerIP:
- description: If sourceType is NodeMesh or BGPPeer, IP
- address of the router that sent us this route.
- type: string
- sourceType:
- description: Type of the source where a route is learned
- from.
- type: string
- type: object
- type:
- description: Type indicates if the route is being used for
- forwarding or not.
- type: string
- type: object
- type: array
- routesV6:
- description: RoutesV6 represents IPv6 routes on the node.
- items:
- description: CalicoNodeRoute contains the status of BGP routes
- on the node.
- properties:
- destination:
- description: Destination of the route.
- type: string
- gateway:
- description: Gateway for the destination.
- type: string
- interface:
- description: Interface for the destination
- type: string
- learnedFrom:
- description: LearnedFrom contains information regarding
- where this route originated.
- properties:
- peerIP:
- description: If sourceType is NodeMesh or BGPPeer, IP
- address of the router that sent us this route.
- type: string
- sourceType:
- description: Type of the source where a route is learned
- from.
- type: string
- type: object
- type:
- description: Type indicates if the route is being used for
- forwarding or not.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_clusterinformations.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: clusterinformations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: ClusterInformation
- listKind: ClusterInformationList
- plural: clusterinformations
- singular: clusterinformation
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: ClusterInformation contains the cluster specific information.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterInformationSpec contains the values of describing
- the cluster.
- properties:
- calicoVersion:
- description: CalicoVersion is the version of Calico that the cluster
- is running
- type: string
- clusterGUID:
- description: ClusterGUID is the GUID of the cluster
- type: string
- clusterType:
- description: ClusterType describes the type of the cluster
- type: string
- datastoreReady:
- description: |-
- DatastoreReady is used during significant datastore migrations to signal to components
- such as Felix that it should wait before accessing the datastore.
- type: boolean
- variant:
- description: Variant declares which variant of Calico should be active.
- type: string
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_felixconfigurations.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: felixconfigurations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: FelixConfiguration
- listKind: FelixConfigurationList
- plural: felixconfigurations
- singular: felixconfiguration
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: Felix Configuration contains the configuration for Felix.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: FelixConfigurationSpec contains the values of the Felix configuration.
- properties:
- allowIPIPPacketsFromWorkloads:
- description: |-
- AllowIPIPPacketsFromWorkloads controls whether Felix will add a rule to drop IPIP encapsulated traffic
- from workloads. [Default: false]
- type: boolean
- allowVXLANPacketsFromWorkloads:
- description: |-
- AllowVXLANPacketsFromWorkloads controls whether Felix will add a rule to drop VXLAN encapsulated traffic
- from workloads. [Default: false]
- type: boolean
- awsSrcDstCheck:
- description: |-
- AWSSrcDstCheck controls whether Felix will try to change the "source/dest check" setting on the EC2 instance
- on which it is running. A value of "Disable" will try to disable the source/dest check. Disabling the check
- allows for sending workload traffic without encapsulation within the same AWS subnet.
- [Default: DoNothing]
- enum:
- - DoNothing
- - Enable
- - Disable
- type: string
- bpfCTLBLogFilter:
- description: |-
- BPFCTLBLogFilter specifies, what is logged by connect time load balancer when BPFLogLevel is
- debug. Currently has to be specified as 'all' when BPFLogFilters is set
- to see CTLB logs.
- [Default: unset - means logs are emitted when BPFLogLevel id debug and BPFLogFilters not set.]
- type: string
- bpfConnectTimeLoadBalancing:
- description: |-
- BPFConnectTimeLoadBalancing when in BPF mode, controls whether Felix installs the connect-time load
- balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services
- and it improves the performance of pod-to-service connections.When set to TCP, connect time load balancing
- is available only for services with TCP ports. [Default: TCP]
- enum:
- - TCP
- - Enabled
- - Disabled
- type: string
- bpfConnectTimeLoadBalancingEnabled:
- description: |-
- BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load
- balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services
- and it improves the performance of pod-to-service connections. The only reason to disable it is for debugging
- purposes.
-
- Deprecated: Use BPFConnectTimeLoadBalancing [Default: true]
- type: boolean
- bpfConntrackLogLevel:
- description: |-
- BPFConntrackLogLevel controls the log level of the BPF conntrack cleanup program, which runs periodically
- to clean up expired BPF conntrack entries.
- [Default: Off].
- enum:
- - "Off"
- - Debug
- type: string
- bpfConntrackMode:
- description: |-
- BPFConntrackCleanupMode controls how BPF conntrack entries are cleaned up. `Auto` will use a BPF program if supported,
- falling back to userspace if not. `Userspace` will always use the userspace cleanup code. `BPFProgram` will
- always use the BPF program (failing if not supported).
- [Default: Auto]
- enum:
- - Auto
- - Userspace
- - BPFProgram
- type: string
- bpfConntrackTimeouts:
- description: |-
- BPFConntrackTimers overrides the default values for the specified conntrack timer if
- set. Each value can be either a duration or `Auto` to pick the value from
- a Linux conntrack timeout.
-
- Configurable timers are: CreationGracePeriod, TCPSynSent,
- TCPEstablished, TCPFinsSeen, TCPResetSeen, UDPTimeout, GenericTimeout,
- ICMPTimeout.
-
- Unset values are replaced by the default values with a warning log for
- incorrect values.
- properties:
- creationGracePeriod:
- description: |2-
- CreationGracePeriod gives a generic grace period to new connection
- before they are considered for cleanup [Default: 10s].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- genericTimeout:
- description: |-
- GenericTimeout controls how long it takes before considering this
- entry for cleanup after the connection became idle. If set to 'Auto', the
- value from nf_conntrack_generic_timeout is used. If nil, Calico uses its
- own default value. [Default: 10m].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- icmpTimeout:
- description: |-
- ICMPTimeout controls how long it takes before considering this
- entry for cleanup after the connection became idle. If set to 'Auto', the
- value from nf_conntrack_icmp_timeout is used. If nil, Calico uses its
- own default value. [Default: 5s].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- tcpEstablished:
- description: |-
- TCPEstablished controls how long it takes before considering this entry for
- cleanup after the connection became idle. If set to 'Auto', the
- value from nf_conntrack_tcp_timeout_established is used. If nil, Calico uses
- its own default value. [Default: 1h].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- tcpFinsSeen:
- description: |-
- TCPFinsSeen controls how long it takes before considering this entry for
- cleanup after the connection was closed gracefully. If set to 'Auto', the
- value from nf_conntrack_tcp_timeout_time_wait is used. If nil, Calico uses
- its own default value. [Default: Auto].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- tcpResetSeen:
- description: |-
- TCPResetSeen controls how long it takes before considering this entry for
- cleanup after the connection was aborted. If nil, Calico uses its own
- default value. [Default: 40s].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- tcpSynSent:
- description: |-
- TCPSynSent controls how long it takes before considering this entry for
- cleanup after the last SYN without a response. If set to 'Auto', the
- value from nf_conntrack_tcp_timeout_syn_sent is used. If nil, Calico uses
- its own default value. [Default: 20s].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- udpTimeout:
- description: |-
- UDPTimeout controls how long it takes before considering this entry for
- cleanup after the connection became idle. If nil, Calico uses its own
- default value. [Default: 60s].
- pattern: ^(([0-9]*(\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$
- type: string
- type: object
- bpfDSROptoutCIDRs:
- description: |-
- BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients
- in those CIDRs will access service node ports as if BPFExternalServiceMode was set to
- Tunnel.
- items:
- type: string
- type: array
- bpfDataIfacePattern:
- description: |-
- BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to
- in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic
- flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the
- cluster. It should not match the workload interfaces (usually named cali...) or any other special device managed
- by Calico itself (e.g., tunnels).
- type: string
- bpfDisableGROForIfaces:
- description: |-
- BPFDisableGROForIfaces is a regular expression that controls which interfaces Felix should disable the
- Generic Receive Offload [GRO] option. It should not match the workload interfaces (usually named cali...).
- type: string
- bpfDisableUnprivileged:
- description: |-
- BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled sysctl to disable
- unprivileged use of BPF. This ensures that unprivileged users cannot access Calico's BPF maps and
- cannot insert their own BPF programs to interfere with Calico's. [Default: true]
- type: boolean
- bpfEnabled:
- description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
- [Default: false]'
- type: boolean
- bpfEnforceRPF:
- description: |-
- BPFEnforceRPF enforce strict RPF on all host interfaces with BPF programs regardless of
- what is the per-interfaces or global setting. Possible values are Disabled, Strict
- or Loose. [Default: Loose]
- pattern: ^(?i)(Disabled|Strict|Loose)?$
- type: string
- bpfExcludeCIDRsFromNAT:
- description: |-
- BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT
- resolution so that host can handle them. A typical usecase is node local
- DNS cache.
- items:
- type: string
- type: array
- bpfExportBufferSizeMB:
- description: |-
- BPFExportBufferSizeMB in BPF mode, controls the buffer size used for sending BPF events to felix.
- [Default: 1]
- type: integer
- bpfExtToServiceConnmark:
- description: |-
- BPFExtToServiceConnmark in BPF mode, controls a 32bit mark that is set on connections from an
- external client to a local service. This mark allows us to control how packets of that
- connection are routed within the host and how is routing interpreted by RPF check. [Default: 0]
- type: integer
- bpfExternalServiceMode:
- description: |-
- BPFExternalServiceMode in BPF mode, controls how connections from outside the cluster to services (node ports
- and cluster IPs) are forwarded to remote workloads. If set to "Tunnel" then both request and response traffic
- is tunneled to the remote node. If set to "DSR", the request traffic is tunneled but the response traffic
- is sent directly from the remote node. In "DSR" mode, the remote node appears to use the IP of the ingress
- node; this requires a permissive L2 network. [Default: Tunnel]
- pattern: ^(?i)(Tunnel|DSR)?$
- type: string
- bpfForceTrackPacketsFromIfaces:
- description: |-
- BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic from these interfaces
- to skip Calico's iptables NOTRACK rule, allowing traffic from those interfaces to be
- tracked by Linux conntrack. Should only be used for interfaces that are not used for
- the Calico fabric. For example, a docker bridge device for non-Calico-networked
- containers. [Default: docker+]
- items:
- type: string
- type: array
- bpfHostConntrackBypass:
- description: |-
- BPFHostConntrackBypass Controls whether to bypass Linux conntrack in BPF mode for
- workloads and services. [Default: true - bypass Linux conntrack]
- type: boolean
- bpfHostNetworkedNATWithoutCTLB:
- description: |-
- BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing
- determines the CTLB behavior. [Default: Enabled]
- enum:
- - Enabled
- - Disabled
- type: string
- bpfKubeProxyEndpointSlicesEnabled:
- description: |-
- BPFKubeProxyEndpointSlicesEnabled is deprecated and has no effect. BPF
- kube-proxy always accepts endpoint slices. This option will be removed in
- the next release.
- type: boolean
- bpfKubeProxyIptablesCleanupEnabled:
- description: |-
- BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF mode, Felix will proactively clean up the upstream
- Kubernetes kube-proxy's iptables chains. Should only be enabled if kube-proxy is not running. [Default: true]
- type: boolean
- bpfKubeProxyMinSyncPeriod:
- description: |-
- BPFKubeProxyMinSyncPeriod, in BPF mode, controls the minimum time between updates to the dataplane for Felix's
- embedded kube-proxy. Lower values give reduced set-up latency. Higher values reduce Felix CPU usage by
- batching up more work. [Default: 1s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- bpfL3IfacePattern:
- description: |-
- BPFL3IfacePattern is a regular expression that allows to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
- in addition to BPFDataIfacePattern. That is, tunnel interfaces not created by Calico, that Calico workload traffic flows
- over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster.
- type: string
- bpfLogFilters:
- additionalProperties:
- type: string
- description: |-
- BPFLogFilters is a map of key=values where the value is
- a pcap filter expression and the key is an interface name with 'all'
- denoting all interfaces, 'weps' all workload endpoints and 'heps' all host
- endpoints.
-
- When specified as an env var, it accepts a comma-separated list of
- key=values.
- [Default: unset - means all debug logs are emitted]
- type: object
- bpfLogLevel:
- description: |-
- BPFLogLevel controls the log level of the BPF programs when in BPF dataplane mode. One of "Off", "Info", or
- "Debug". The logs are emitted to the BPF trace pipe, accessible with the command `tc exec bpf debug`.
- [Default: Off].
- pattern: ^(?i)(Off|Info|Debug)?$
- type: string
- bpfMapSizeConntrack:
- description: |-
- BPFMapSizeConntrack sets the size for the conntrack map. This map must be large enough to hold
- an entry for each active connection. Warning: changing the size of the conntrack map can cause disruption.
- type: integer
- bpfMapSizeConntrackCleanupQueue:
- description: |-
- BPFMapSizeConntrackCleanupQueue sets the size for the map used to hold NAT conntrack entries that are queued
- for cleanup. This should be big enough to hold all the NAT entries that expire within one cleanup interval.
- minimum: 1
- type: integer
- bpfMapSizeConntrackScaling:
- description: |-
- BPFMapSizeConntrackScaling controls whether and how we scale the conntrack map size depending
- on its usage. 'Disabled' make the size stay at the default or whatever is set by
- BPFMapSizeConntrack*. 'DoubleIfFull' doubles the size when the map is pretty much full even
- after cleanups. [Default: DoubleIfFull]
- pattern: ^(?i)(Disabled|DoubleIfFull)?$
- type: string
- bpfMapSizeIPSets:
- description: |-
- BPFMapSizeIPSets sets the size for ipsets map. The IP sets map must be large enough to hold an entry
- for each endpoint matched by every selector in the source/destination matches in network policy. Selectors
- such as "all()" can result in large numbers of entries (one entry per endpoint in that case).
- type: integer
- bpfMapSizeIfState:
- description: |-
- BPFMapSizeIfState sets the size for ifstate map. The ifstate map must be large enough to hold an entry
- for each device (host + workloads) on a host.
- type: integer
- bpfMapSizeNATAffinity:
- description: |-
- BPFMapSizeNATAffinity sets the size of the BPF map that stores the affinity of a connection (for services that
- enable that feature.
- type: integer
- bpfMapSizeNATBackend:
- description: |-
- BPFMapSizeNATBackend sets the size for NAT back end map.
- This is the total number of endpoints. This is mostly
- more than the size of the number of services.
- type: integer
- bpfMapSizeNATFrontend:
- description: |-
- BPFMapSizeNATFrontend sets the size for NAT front end map.
- FrontendMap should be large enough to hold an entry for each nodeport,
- external IP and each port in each service.
- type: integer
- bpfMapSizePerCpuConntrack:
- description: |-
- BPFMapSizePerCPUConntrack determines the size of conntrack map based on the number of CPUs. If set to a
- non-zero value, overrides BPFMapSizeConntrack with `BPFMapSizePerCPUConntrack * (Number of CPUs)`.
- This map must be large enough to hold an entry for each active connection. Warning: changing the size of the
- conntrack map can cause disruption.
- type: integer
- bpfMapSizeRoute:
- description: |-
- BPFMapSizeRoute sets the size for the routes map. The routes map should be large enough
- to hold one entry per workload and a handful of entries per host (enough to cover its own IPs and
- tunnel IPs).
- type: integer
- bpfPSNATPorts:
- anyOf:
- - type: integer
- - type: string
- description: |-
- BPFPSNATPorts sets the range from which we randomly pick a port if there is a source port
- collision. This should be within the ephemeral range as defined by RFC 6056 (1024–65535) and
- preferably outside the ephemeral ranges used by common operating systems. Linux uses
- 32768–60999, while others mostly use the IANA defined range 49152–65535. It is not necessarily
- a problem if this range overlaps with the operating systems. Both ends of the range are
- inclusive. [Default: 20000:29999]
- pattern: ^.*
- x-kubernetes-int-or-string: true
- bpfPolicyDebugEnabled:
- description: |-
- BPFPolicyDebugEnabled when true, Felix records detailed information
- about the BPF policy programs, which can be examined with the calico-bpf command-line tool.
- type: boolean
- bpfProfiling:
- description: |-
- BPFProfiling controls profiling of BPF programs. At the monent, it can be
- Disabled or Enabled. [Default: Disabled]
- enum:
- - Enabled
- - Disabled
- type: string
- bpfRedirectToPeer:
- description: |-
- BPFRedirectToPeer controls which whether it is allowed to forward straight to the
- peer side of the workload devices. It is allowed for any host L2 devices by default
- (L2Only), but it breaks TCP dump on the host side of workload device as it bypasses
- it on ingress. Value of Enabled also allows redirection from L3 host devices like
- IPIP tunnel or Wireguard directly to the peer side of the workload's device. This
- makes redirection faster, however, it breaks tools like tcpdump on the peer side.
- Use Enabled with caution. [Default: L2Only]
- enum:
- - Enabled
- - Disabled
- - L2Only
- type: string
- chainInsertMode:
- description: |-
- ChainInsertMode controls whether Felix hooks the kernel's top-level iptables chains by inserting a rule
- at the top of the chain or by appending a rule at the bottom. insert is the safe default since it prevents
- Calico's rules from being bypassed. If you switch to append mode, be sure that the other rules in the chains
- signal acceptance by falling through to the Calico rules, otherwise the Calico policy will be bypassed.
- [Default: insert]
- pattern: ^(?i)(Insert|Append)?$
- type: string
- dataplaneDriver:
- description: |-
- DataplaneDriver filename of the external dataplane driver to use. Only used if UseInternalDataplaneDriver
- is set to false.
- type: string
- dataplaneWatchdogTimeout:
- description: |-
- DataplaneWatchdogTimeout is the readiness/liveness timeout used for Felix's (internal) dataplane driver.
- Deprecated: replaced by the generic HealthTimeoutOverrides.
- type: string
- debugDisableLogDropping:
- description: |-
- DebugDisableLogDropping disables the dropping of log messages when the log buffer is full. This can
- significantly impact performance if log write-out is a bottleneck. [Default: false]
- type: boolean
- debugHost:
- description: |-
- DebugHost is the host IP or hostname to bind the debug port to. Only used
- if DebugPort is set. [Default:localhost]
- type: string
- debugMemoryProfilePath:
- description: DebugMemoryProfilePath is the path to write the memory
- profile to when triggered by signal.
- type: string
- debugPort:
- description: |-
- DebugPort if set, enables Felix's debug HTTP port, which allows memory and CPU profiles
- to be retrieved. The debug port is not secure, it should not be exposed to the internet.
- type: integer
- debugSimulateCalcGraphHangAfter:
- description: |-
- DebugSimulateCalcGraphHangAfter is used to simulate a hang in the calculation graph after the specified duration.
- This is useful in tests of the watchdog system only!
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- debugSimulateDataplaneApplyDelay:
- description: |-
- DebugSimulateDataplaneApplyDelay adds an artificial delay to every dataplane operation. This is useful for
- simulating a heavily loaded system for test purposes only.
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- debugSimulateDataplaneHangAfter:
- description: |-
- DebugSimulateDataplaneHangAfter is used to simulate a hang in the dataplane after the specified duration.
- This is useful in tests of the watchdog system only!
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- defaultEndpointToHostAction:
- description: |-
- DefaultEndpointToHostAction controls what happens to traffic that goes from a workload endpoint to the host
- itself (after the endpoint's egress policy is applied). By default, Calico blocks traffic from workload
- endpoints to the host itself with an iptables "DROP" action. If you want to allow some or all traffic from
- endpoint to host, set this parameter to RETURN or ACCEPT. Use RETURN if you have your own rules in the iptables
- "INPUT" chain; Calico will insert its rules at the top of that chain, then "RETURN" packets to the "INPUT" chain
- once it has completed processing workload endpoint egress policy. Use ACCEPT to unconditionally accept packets
- from workloads after processing workload endpoint egress policy. [Default: Drop]
- pattern: ^(?i)(Drop|Accept|Return)?$
- type: string
- deviceRouteProtocol:
- description: |-
- DeviceRouteProtocol controls the protocol to set on routes programmed by Felix. The protocol is an 8-bit label
- used to identify the owner of the route.
- type: integer
- deviceRouteSourceAddress:
- description: |-
- DeviceRouteSourceAddress IPv4 address to set as the source hint for routes programmed by Felix. When not set
- the source address for local traffic from host to workload will be determined by the kernel.
- type: string
- deviceRouteSourceAddressIPv6:
- description: |-
- DeviceRouteSourceAddressIPv6 IPv6 address to set as the source hint for routes programmed by Felix. When not set
- the source address for local traffic from host to workload will be determined by the kernel.
- type: string
- disableConntrackInvalidCheck:
- description: |-
- DisableConntrackInvalidCheck disables the check for invalid connections in conntrack. While the conntrack
- invalid check helps to detect malicious traffic, it can also cause issues with certain multi-NIC scenarios.
- type: boolean
- endpointReportingDelay:
- description: |-
- EndpointReportingDelay is the delay before Felix reports endpoint status to the datastore. This is only used
- by the OpenStack integration. [Default: 1s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- endpointReportingEnabled:
- description: |-
- EndpointReportingEnabled controls whether Felix reports endpoint status to the datastore. This is only used
- by the OpenStack integration. [Default: false]
- type: boolean
- endpointStatusPathPrefix:
- description: |-
- EndpointStatusPathPrefix is the path to the directory where endpoint status will be written. Endpoint status
- file reporting is disabled if field is left empty.
-
- Chosen directory should match the directory used by the CNI plugin for PodStartupDelay.
- [Default: /var/run/calico]
- type: string
- externalNodesList:
- description: |-
- ExternalNodesCIDRList is a list of CIDR's of external, non-Calico nodes from which VXLAN/IPIP overlay traffic
- will be allowed. By default, external tunneled traffic is blocked to reduce attack surface.
- items:
- type: string
- type: array
- failsafeInboundHostPorts:
- description: |-
- FailsafeInboundHostPorts is a list of ProtoPort struct objects including UDP/TCP/SCTP ports and CIDRs that Felix will
- allow incoming traffic to host endpoints on irrespective of the security policy. This is useful to avoid accidentally
- cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified,
- it defaults to "tcp". If a CIDR is not specified, it will allow traffic from all addresses. To disable all inbound host ports,
- use the value "[]". The default value allows ssh access, DHCP, BGP, etcd and the Kubernetes API.
- [Default: tcp:22, udp:68, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ]
- items:
- description: ProtoPort is combination of protocol, port, and CIDR.
- Protocol and port must be specified.
- properties:
- net:
- type: string
- port:
- type: integer
- protocol:
- type: string
- required:
- - port
- type: object
- type: array
- failsafeOutboundHostPorts:
- description: |-
- FailsafeOutboundHostPorts is a list of PortProto struct objects including UDP/TCP/SCTP ports and CIDRs that Felix
- will allow outgoing traffic from host endpoints to irrespective of the security policy. This is useful to avoid accidentally
- cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, it defaults
- to "tcp". If a CIDR is not specified, it will allow traffic from all addresses. To disable all outbound host ports,
- use the value "[]". The default value opens etcd's standard ports to ensure that Felix does not get cut off from etcd
- as well as allowing DHCP, DNS, BGP and the Kubernetes API.
- [Default: udp:53, udp:67, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ]
- items:
- description: ProtoPort is combination of protocol, port, and CIDR.
- Protocol and port must be specified.
- properties:
- net:
- type: string
- port:
- type: integer
- protocol:
- type: string
- required:
- - port
- type: object
- type: array
- featureDetectOverride:
- description: |-
- FeatureDetectOverride is used to override feature detection based on auto-detected platform
- capabilities. Values are specified in a comma separated list with no spaces, example;
- "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". A value of "true" or "false" will
- force enable/disable feature, empty or omitted values fall back to auto-detection.
- pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$
- type: string
- featureGates:
- description: |-
- FeatureGates is used to enable or disable tech-preview Calico features.
- Values are specified in a comma separated list with no spaces, example;
- "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". This is
- used to enable features that are not fully production ready.
- pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$
- type: string
- floatingIPs:
- description: |-
- FloatingIPs configures whether or not Felix will program non-OpenStack floating IP addresses. (OpenStack-derived
- floating IPs are always programmed, regardless of this setting.)
- enum:
- - Enabled
- - Disabled
- type: string
- flowLogsCollectorDebugTrace:
- description: |-
- When FlowLogsCollectorDebugTrace is set to true, enables the logs in the collector to be
- printed in their entirety.
- type: boolean
- flowLogsFlushInterval:
- description: FlowLogsFlushInterval configures the interval at which
- Felix exports flow logs.
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- flowLogsGoldmaneServer:
- description: FlowLogGoldmaneServer is the flow server endpoint to
- which flow data should be published.
- type: string
- flowLogsLocalReporter:
- description: 'FlowLogsLocalReporter configures local unix socket for
- reporting flow data from each node. [Default: Disabled]'
- enum:
- - Disabled
- - Enabled
- type: string
- flowLogsPolicyEvaluationMode:
- description: |-
- Continuous - Felix evaluates active flows on a regular basis to determine the rule
- traces in the flow logs. Any policy updates that impact a flow will be reflected in the
- pending_policies field, offering a near-real-time view of policy changes across flows.
- None - Felix stops evaluating pending traces.
- [Default: Continuous]
- enum:
- - None
- - Continuous
- type: string
- genericXDPEnabled:
- description: |-
- GenericXDPEnabled enables Generic XDP so network cards that don't support XDP offload or driver
- modes can use XDP. This is not recommended since it doesn't provide better performance than
- iptables. [Default: false]
- type: boolean
- goGCThreshold:
- description: |-
- GoGCThreshold Sets the Go runtime's garbage collection threshold. I.e. the percentage that the heap is
- allowed to grow before garbage collection is triggered. In general, doubling the value halves the CPU time
- spent doing GC, but it also doubles peak GC memory overhead. A special value of -1 can be used
- to disable GC entirely; this should only be used in conjunction with the GoMemoryLimitMB setting.
-
- This setting is overridden by the GOGC environment variable.
-
- [Default: 40]
- type: integer
- goMaxProcs:
- description: |-
- GoMaxProcs sets the maximum number of CPUs that the Go runtime will use concurrently. A value of -1 means
- "use the system default"; typically the number of real CPUs on the system.
-
- this setting is overridden by the GOMAXPROCS environment variable.
-
- [Default: -1]
- type: integer
- goMemoryLimitMB:
- description: |-
- GoMemoryLimitMB sets a (soft) memory limit for the Go runtime in MB. The Go runtime will try to keep its memory
- usage under the limit by triggering GC as needed. To avoid thrashing, it will exceed the limit if GC starts to
- take more than 50% of the process's CPU time. A value of -1 disables the memory limit.
-
- Note that the memory limit, if used, must be considerably less than any hard resource limit set at the container
- or pod level. This is because felix is not the only process that must run in the container or pod.
-
- This setting is overridden by the GOMEMLIMIT environment variable.
-
- [Default: -1]
- type: integer
- healthEnabled:
- description: |-
- HealthEnabled if set to true, enables Felix's health port, which provides readiness and liveness endpoints.
- [Default: false]
- type: boolean
- healthHost:
- description: 'HealthHost is the host that the health server should
- bind to. [Default: localhost]'
- type: string
- healthPort:
- description: 'HealthPort is the TCP port that the health server should
- bind to. [Default: 9099]'
- type: integer
- healthTimeoutOverrides:
- description: |-
- HealthTimeoutOverrides allows the internal watchdog timeouts of individual subcomponents to be
- overridden. This is useful for working around "false positive" liveness timeouts that can occur
- in particularly stressful workloads or if CPU is constrained. For a list of active
- subcomponents, see Felix's logs.
- items:
- properties:
- name:
- type: string
- timeout:
- type: string
- required:
- - name
- - timeout
- type: object
- type: array
- interfaceExclude:
- description: |-
- InterfaceExclude A comma-separated list of interface names that should be excluded when Felix is resolving
- host endpoints. The default value ensures that Felix ignores Kubernetes' internal `kube-ipvs0` device. If you
- want to exclude multiple interface names using a single value, the list supports regular expressions. For
- regular expressions you must wrap the value with `/`. For example having values `/^kube/,veth1` will exclude
- all interfaces that begin with `kube` and also the interface `veth1`. [Default: kube-ipvs0]
- type: string
- interfacePrefix:
- description: |-
- InterfacePrefix is the interface name prefix that identifies workload endpoints and so distinguishes
- them from host endpoint interfaces. Note: in environments other than bare metal, the orchestrators
- configure this appropriately. For example our Kubernetes and Docker integrations set the 'cali' value,
- and our OpenStack integration sets the 'tap' value. [Default: cali]
- type: string
- interfaceRefreshInterval:
- description: |-
- InterfaceRefreshInterval is the period at which Felix rescans local interfaces to verify their state.
- The rescan can be disabled by setting the interval to 0.
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- ipForwarding:
- description: |-
- IPForwarding controls whether Felix sets the host sysctls to enable IP forwarding. IP forwarding is required
- when using Calico for workload networking. This should be disabled only on hosts where Calico is used solely for
- host protection. In BPF mode, due to a kernel interaction, either IPForwarding must be enabled or BPFEnforceRPF
- must be disabled. [Default: Enabled]
- enum:
- - Enabled
- - Disabled
- type: string
- ipipEnabled:
- description: |-
- IPIPEnabled overrides whether Felix should configure an IPIP interface on the host. Optional as Felix
- determines this based on the existing IP pools. [Default: nil (unset)]
- type: boolean
- ipipMTU:
- description: |-
- IPIPMTU controls the MTU to set on the IPIP tunnel device. Optional as Felix auto-detects the MTU based on the
- MTU of the host's interfaces. [Default: 0 (auto-detect)]
- type: integer
- ipsetsRefreshInterval:
- description: |-
- IpsetsRefreshInterval controls the period at which Felix re-checks all IP sets to look for discrepancies.
- Set to 0 to disable the periodic refresh. [Default: 90s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesBackend:
- description: |-
- IptablesBackend controls which backend of iptables will be used. The default is `Auto`.
-
- Warning: changing this on a running system can leave "orphaned" rules in the "other" backend. These
- should be cleaned up to avoid confusing interactions.
- pattern: ^(?i)(Auto|Legacy|NFT)?$
- type: string
- iptablesFilterAllowAction:
- description: |-
- IptablesFilterAllowAction controls what happens to traffic that is accepted by a Felix policy chain in the
- iptables filter table (which is used for "normal" policy). The default will immediately `Accept` the traffic. Use
- `Return` to send the traffic back up to the system chains for further processing.
- pattern: ^(?i)(Accept|Return)?$
- type: string
- iptablesFilterDenyAction:
- description: |-
- IptablesFilterDenyAction controls what happens to traffic that is denied by network policy. By default Calico blocks traffic
- with an iptables "DROP" action. If you want to use "REJECT" action instead you can configure it in here.
- pattern: ^(?i)(Drop|Reject)?$
- type: string
- iptablesLockFilePath:
- description: |-
- IptablesLockFilePath is the location of the iptables lock file. You may need to change this
- if the lock file is not in its standard location (for example if you have mapped it into Felix's
- container at a different path). [Default: /run/xtables.lock]
- type: string
- iptablesLockProbeInterval:
- description: |-
- IptablesLockProbeInterval when IptablesLockTimeout is enabled: the time that Felix will wait between
- attempts to acquire the iptables lock if it is not available. Lower values make Felix more
- responsive when the lock is contended, but use more CPU. [Default: 50ms]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesLockTimeout:
- description: |-
- IptablesLockTimeout is the time that Felix itself will wait for the iptables lock (rather than delegating the
- lock handling to the `iptables` command).
-
- Deprecated: `iptables-restore` v1.8+ always takes the lock, so enabling this feature results in deadlock.
- [Default: 0s disabled]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesMangleAllowAction:
- description: |-
- IptablesMangleAllowAction controls what happens to traffic that is accepted by a Felix policy chain in the
- iptables mangle table (which is used for "pre-DNAT" policy). The default will immediately `Accept` the traffic.
- Use `Return` to send the traffic back up to the system chains for further processing.
- pattern: ^(?i)(Accept|Return)?$
- type: string
- iptablesMarkMask:
- description: |-
- IptablesMarkMask is the mask that Felix selects its IPTables Mark bits from. Should be a 32 bit hexadecimal
- number with at least 8 bits set, none of which clash with any other mark bits in use on the system.
- [Default: 0xffff0000]
- format: int32
- type: integer
- iptablesNATOutgoingInterfaceFilter:
- description: |-
- This parameter can be used to limit the host interfaces on which Calico will apply SNAT to traffic leaving a
- Calico IPAM pool with "NAT outgoing" enabled. This can be useful if you have a main data interface, where
- traffic should be SNATted and a secondary device (such as the docker bridge) which is local to the host and
- doesn't require SNAT. This parameter uses the iptables interface matching syntax, which allows + as a
- wildcard. Most users will not need to set this. Example: if your data interfaces are eth0 and eth1 and you
- want to exclude the docker bridge, you could set this to eth+
- type: string
- iptablesPostWriteCheckInterval:
- description: |-
- IptablesPostWriteCheckInterval is the period after Felix has done a write
- to the dataplane that it schedules an extra read back in order to check the write was not
- clobbered by another process. This should only occur if another application on the system
- doesn't respect the iptables lock. [Default: 1s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesRefreshInterval:
- description: |-
- IptablesRefreshInterval is the period at which Felix re-checks the IP sets
- in the dataplane to ensure that no other process has accidentally broken Calico's rules.
- Set to 0 to disable IP sets refresh. Note: the default for this value is lower than the
- other refresh intervals as a workaround for a Linux kernel bug that was fixed in kernel
- version 4.11. If you are using v4.11 or greater you may want to set this to, a higher value
- to reduce Felix CPU usage. [Default: 10s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- ipv6Support:
- description: IPv6Support controls whether Felix enables support for
- IPv6 (if supported by the in-use dataplane).
- type: boolean
- kubeNodePortRanges:
- description: |-
- KubeNodePortRanges holds list of port ranges used for service node ports. Only used if felix detects kube-proxy running in ipvs mode.
- Felix uses these ranges to separate host and workload traffic. [Default: 30000:32767].
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- logDebugFilenameRegex:
- description: |-
- LogDebugFilenameRegex controls which source code files have their Debug log output included in the logs.
- Only logs from files with names that match the given regular expression are included. The filter only applies
- to Debug level logs.
- type: string
- logFilePath:
- description: 'LogFilePath is the full path to the Felix log. Set to
- none to disable file logging. [Default: /var/log/calico/felix.log]'
- type: string
- logPrefix:
- description: 'LogPrefix is the log prefix that Felix uses when rendering
- LOG rules. [Default: calico-packet]'
- type: string
- logSeverityFile:
- description: 'LogSeverityFile is the log severity above which logs
- are sent to the log file. [Default: Info]'
- pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which logs
- are sent to the stdout. [Default: Info]'
- pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$
- type: string
- logSeveritySys:
- description: |-
- LogSeveritySys is the log severity above which logs are sent to the syslog. Set to None for no logging to syslog.
- [Default: Info]
- pattern: ^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$
- type: string
- maxIpsetSize:
- description: |-
- MaxIpsetSize is the maximum number of IP addresses that can be stored in an IP set. Not applicable
- if using the nftables backend.
- type: integer
- metadataAddr:
- description: |-
- MetadataAddr is the IP address or domain name of the server that can answer VM queries for
- cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in
- Ubuntu, nova-api-metadata). A value of none (case-insensitive) means that Felix should not
- set up any NAT rule for the metadata path. [Default: 127.0.0.1]
- type: string
- metadataPort:
- description: |-
- MetadataPort is the port of the metadata server. This, combined with global.MetadataAddr (if
- not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort.
- In most cases this should not need to be changed [Default: 8775].
- type: integer
- mtuIfacePattern:
- description: |-
- MTUIfacePattern is a regular expression that controls which interfaces Felix should scan in order
- to calculate the host's MTU.
- This should not match workload interfaces (usually named cali...).
- type: string
- natOutgoingAddress:
- description: |-
- NATOutgoingAddress specifies an address to use when performing source NAT for traffic in a natOutgoing pool that
- is leaving the network. By default the address used is an address on the interface the traffic is leaving on
- (i.e. it uses the iptables MASQUERADE target).
- type: string
- natPortRange:
- anyOf:
- - type: integer
- - type: string
- description: |-
- NATPortRange specifies the range of ports that is used for port mapping when doing outgoing NAT. When unset the default behavior of the
- network stack is used.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- netlinkTimeout:
- description: |-
- NetlinkTimeout is the timeout when talking to the kernel over the netlink protocol, used for programming
- routes, rules, and other kernel objects. [Default: 10s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- nftablesFilterAllowAction:
- description: |-
- NftablesFilterAllowAction controls the nftables action that Felix uses to represent the "allow" policy verdict
- in the filter table. The default is to `ACCEPT` the traffic, which is a terminal action. Alternatively,
- `RETURN` can be used to return the traffic back to the top-level chain for further processing by your rules.
- pattern: ^(?i)(Accept|Return)?$
- type: string
- nftablesFilterDenyAction:
- description: |-
- NftablesFilterDenyAction controls what happens to traffic that is denied by network policy. By default, Calico
- blocks traffic with a "drop" action. If you want to use a "reject" action instead you can configure it here.
- pattern: ^(?i)(Drop|Reject)?$
- type: string
- nftablesMangleAllowAction:
- description: |-
- NftablesMangleAllowAction controls the nftables action that Felix uses to represent the "allow" policy verdict
- in the mangle table. The default is to `ACCEPT` the traffic, which is a terminal action. Alternatively,
- `RETURN` can be used to return the traffic back to the top-level chain for further processing by your rules.
- pattern: ^(?i)(Accept|Return)?$
- type: string
- nftablesMarkMask:
- description: |-
- NftablesMarkMask is the mask that Felix selects its nftables Mark bits from. Should be a 32 bit hexadecimal
- number with at least 8 bits set, none of which clash with any other mark bits in use on the system.
- [Default: 0xffff0000]
- format: int32
- type: integer
- nftablesMode:
- description: 'NFTablesMode configures nftables support in Felix. [Default:
- Disabled]'
- enum:
- - Disabled
- - Enabled
- - Auto
- type: string
- nftablesRefreshInterval:
- description: 'NftablesRefreshInterval controls the interval at which
- Felix periodically refreshes the nftables rules. [Default: 90s]'
- type: string
- openstackRegion:
- description: |-
- OpenstackRegion is the name of the region that a particular Felix belongs to. In a multi-region
- Calico/OpenStack deployment, this must be configured somehow for each Felix (here in the datamodel,
- or in felix.cfg or the environment on each compute node), and must match the [calico]
- openstack_region value configured in neutron.conf on each node. [Default: Empty]
- type: string
- policySyncPathPrefix:
- description: |-
- PolicySyncPathPrefix is used to by Felix to communicate policy changes to external services,
- like Application layer policy. [Default: Empty]
- type: string
- prometheusGoMetricsEnabled:
- description: |-
- PrometheusGoMetricsEnabled disables Go runtime metrics collection, which the Prometheus client does by default, when
- set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true]
- type: boolean
- prometheusMetricsEnabled:
- description: 'PrometheusMetricsEnabled enables the Prometheus metrics
- server in Felix if set to true. [Default: false]'
- type: boolean
- prometheusMetricsHost:
- description: 'PrometheusMetricsHost is the host that the Prometheus
- metrics server should bind to. [Default: empty]'
- type: string
- prometheusMetricsPort:
- description: 'PrometheusMetricsPort is the TCP port that the Prometheus
- metrics server should bind to. [Default: 9091]'
- type: integer
- prometheusProcessMetricsEnabled:
- description: |-
- PrometheusProcessMetricsEnabled disables process metrics collection, which the Prometheus client does by default, when
- set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true]
- type: boolean
- prometheusWireGuardMetricsEnabled:
- description: |-
- PrometheusWireGuardMetricsEnabled disables wireguard metrics collection, which the Prometheus client does by default, when
- set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true]
- type: boolean
- removeExternalRoutes:
- description: |-
- RemoveExternalRoutes Controls whether Felix will remove unexpected routes to workload interfaces. Felix will
- always clean up expected routes that use the configured DeviceRouteProtocol. To add your own routes, you must
- use a distinct protocol (in addition to setting this field to false).
- type: boolean
- reportingInterval:
- description: |-
- ReportingInterval is the interval at which Felix reports its status into the datastore or 0 to disable.
- Must be non-zero in OpenStack deployments. [Default: 30s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- reportingTTL:
- description: 'ReportingTTL is the time-to-live setting for process-wide
- status reports. [Default: 90s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- routeRefreshInterval:
- description: |-
- RouteRefreshInterval is the period at which Felix re-checks the routes
- in the dataplane to ensure that no other process has accidentally broken Calico's rules.
- Set to 0 to disable route refresh. [Default: 90s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- routeSource:
- description: |-
- RouteSource configures where Felix gets its routing information.
- - WorkloadIPs: use workload endpoints to construct routes.
- - CalicoIPAM: the default - use IPAM data to construct routes.
- pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$
- type: string
- routeSyncDisabled:
- description: |-
- RouteSyncDisabled will disable all operations performed on the route table. Set to true to
- run in network-policy mode only.
- type: boolean
- routeTableRange:
- description: |-
- Deprecated in favor of RouteTableRanges.
- Calico programs additional Linux route tables for various purposes.
- RouteTableRange specifies the indices of the route tables that Calico should use.
- properties:
- max:
- type: integer
- min:
- type: integer
- required:
- - max
- - min
- type: object
- routeTableRanges:
- description: |-
- Calico programs additional Linux route tables for various purposes.
- RouteTableRanges specifies a set of table index ranges that Calico should use.
- Deprecates`RouteTableRange`, overrides `RouteTableRange`.
- items:
- properties:
- max:
- type: integer
- min:
- type: integer
- required:
- - max
- - min
- type: object
- type: array
- serviceLoopPrevention:
- description: |-
- When service IP advertisement is enabled, prevent routing loops to service IPs that are
- not in use, by dropping or rejecting packets that do not get DNAT'd by kube-proxy.
- Unless set to "Disabled", in which case such routing loops continue to be allowed.
- [Default: Drop]
- pattern: ^(?i)(Drop|Reject|Disabled)?$
- type: string
- sidecarAccelerationEnabled:
- description: 'SidecarAccelerationEnabled enables experimental sidecar
- acceleration [Default: false]'
- type: boolean
- usageReportingEnabled:
- description: |-
- UsageReportingEnabled reports anonymous Calico version number and cluster size to projectcalico.org. Logs warnings returned by the usage
- server. For example, if a significant security vulnerability has been discovered in the version of Calico being used. [Default: true]
- type: boolean
- usageReportingInitialDelay:
- description: 'UsageReportingInitialDelay controls the minimum delay
- before Felix makes a report. [Default: 300s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- usageReportingInterval:
- description: 'UsageReportingInterval controls the interval at which
- Felix makes reports. [Default: 86400s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- useInternalDataplaneDriver:
- description: |-
- UseInternalDataplaneDriver, if true, Felix will use its internal dataplane programming logic. If false, it
- will launch an external dataplane driver and communicate with it over protobuf.
- type: boolean
- vxlanEnabled:
- description: |-
- VXLANEnabled overrides whether Felix should create the VXLAN tunnel device for IPv4 VXLAN networking.
- Optional as Felix determines this based on the existing IP pools. [Default: nil (unset)]
- type: boolean
- vxlanMTU:
- description: |-
- VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the
- MTU of the host's interfaces. [Default: 0 (auto-detect)]
- type: integer
- vxlanMTUV6:
- description: |-
- VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the
- MTU of the host's interfaces. [Default: 0 (auto-detect)]
- type: integer
- vxlanPort:
- description: 'VXLANPort is the UDP port number to use for VXLAN traffic.
- [Default: 4789]'
- type: integer
- vxlanVNI:
- description: |-
- VXLANVNI is the VXLAN VNI to use for VXLAN traffic. You may need to change this if the default value is
- in use on your system. [Default: 4096]
- type: integer
- windowsManageFirewallRules:
- description: 'WindowsManageFirewallRules configures whether or not
- Felix will program Windows Firewall rules (to allow inbound access
- to its own metrics ports). [Default: Disabled]'
- enum:
- - Enabled
- - Disabled
- type: string
- wireguardEnabled:
- description: 'WireguardEnabled controls whether Wireguard is enabled
- for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network).
- [Default: false]'
- type: boolean
- wireguardEnabledV6:
- description: 'WireguardEnabledV6 controls whether Wireguard is enabled
- for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network).
- [Default: false]'
- type: boolean
- wireguardHostEncryptionEnabled:
- description: 'WireguardHostEncryptionEnabled controls whether Wireguard
- host-to-host encryption is enabled. [Default: false]'
- type: boolean
- wireguardInterfaceName:
- description: 'WireguardInterfaceName specifies the name to use for
- the IPv4 Wireguard interface. [Default: wireguard.cali]'
- type: string
- wireguardInterfaceNameV6:
- description: 'WireguardInterfaceNameV6 specifies the name to use for
- the IPv6 Wireguard interface. [Default: wg-v6.cali]'
- type: string
- wireguardKeepAlive:
- description: 'WireguardPersistentKeepAlive controls Wireguard PersistentKeepalive
- option. Set 0 to disable. [Default: 0]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- wireguardListeningPort:
- description: 'WireguardListeningPort controls the listening port used
- by IPv4 Wireguard. [Default: 51820]'
- type: integer
- wireguardListeningPortV6:
- description: 'WireguardListeningPortV6 controls the listening port
- used by IPv6 Wireguard. [Default: 51821]'
- type: integer
- wireguardMTU:
- description: 'WireguardMTU controls the MTU on the IPv4 Wireguard
- interface. See Configuring MTU [Default: 1440]'
- type: integer
- wireguardMTUV6:
- description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard
- interface. See Configuring MTU [Default: 1420]'
- type: integer
- wireguardRoutingRulePriority:
- description: 'WireguardRoutingRulePriority controls the priority value
- to use for the Wireguard routing rule. [Default: 99]'
- type: integer
- wireguardThreadingEnabled:
- description: |-
- WireguardThreadingEnabled controls whether Wireguard has Threaded NAPI enabled. [Default: false]
- This increases the maximum number of packets a Wireguard interface can process.
- Consider threaded NAPI only if you have high packets per second workloads that are causing dropping packets due to a saturated `softirq` CPU core.
- There is a [known issue](https://lore.kernel.org/netdev/CALrw=nEoT2emQ0OAYCjM1d_6Xe_kNLSZ6dhjb5FxrLFYh4kozA@mail.gmail.com/T/) with this setting
- that may cause NAPI to get stuck holding the global `rtnl_mutex` when a peer is removed.
- Workaround: Make sure your Linux kernel [includes this patch](https://github.com/torvalds/linux/commit/56364c910691f6d10ba88c964c9041b9ab777bd6) to unwedge NAPI.
- type: boolean
- workloadSourceSpoofing:
- description: |-
- WorkloadSourceSpoofing controls whether pods can use the allowedSourcePrefixes annotation to send traffic with a source IP
- address that is not theirs. This is disabled by default. When set to "Any", pods can request any prefix.
- pattern: ^(?i)(Disabled|Any)?$
- type: string
- xdpEnabled:
- description: 'XDPEnabled enables XDP acceleration for suitable untracked
- incoming deny rules. [Default: true]'
- type: boolean
- xdpRefreshInterval:
- description: |-
- XDPRefreshInterval is the period at which Felix re-checks all XDP state to ensure that no
- other process has accidentally broken Calico's BPF maps or attached programs. Set to 0 to
- disable XDP refresh. [Default: 90s]
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- type: object
- type: object
- served: true
- storage: true
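Review bot: the felixconfigurations schema that ends at `storage: true` is deleted together with its value constraints on security-relevant fields, for example `workloadSourceSpoofing` (`^(?i)(Disabled|Any)?$`) and `serviceLoopPrevention` (`^(?i)(Drop|Reject|Disabled)?$`), and the visible lines do not show where this validation comes from afterwards. Please state in the commit message which manifest installs the `crd.projectcalico.org` CRDs after this change, and how existing FelixConfiguration and GlobalNetworkPolicy objects are handled on upgrade. If the schema is regenerated elsewhere, the duration pattern `^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$` should not be carried over unchanged: in a plain YAML scalar `\\.` is a literal backslash followed by any character, so as written a fractional value such as `1.5s` fails validation.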
----
-# Source: crds/crd.projectcalico.org_globalnetworkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: globalnetworkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: GlobalNetworkPolicy
- listKind: GlobalNetworkPolicyList
- plural: globalnetworkpolicies
- singular: globalnetworkpolicy
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- applyOnForward:
- description: ApplyOnForward indicates to apply the rules in this policy
- on forward traffic.
- type: boolean
- doNotTrack:
- description: |-
- DoNotTrack indicates whether packets matched by the rules in this policy should go through
- the data plane's connection tracking, such as Linux conntrack. If True, the rules in
- this policy are applied before any data plane connection tracking, and packets allowed by
- this policy are marked as not to be tracked.
- type: boolean
- egress:
- description: |-
- The ordered set of egress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- ingress:
- description: |-
- The ordered set of ingress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- namespaceSelector:
- description: NamespaceSelector is an optional field for an expression
- used to select a pod based on namespaces.
- type: string
- order:
- description: |-
- Order is an optional field that specifies the order in which the policy is applied.
- Policies with higher "order" are applied after those with lower
- order within the same tier. If the order is omitted, it may be considered to be "infinite" - i.e. the
- policy will be applied last. Policies with identical order will be applied in
- alphanumerical order based on the Policy "Name" within the tier.
- type: number
- performanceHints:
- description: |-
- PerformanceHints contains a list of hints to Calico's policy engine to
- help process the policy more efficiently. Hints never change the
- enforcement behaviour of the policy.
-
- Currently, the only available hint is "AssumeNeededOnEveryNode". When
- that hint is set on a policy, Felix will act as if the policy matches
- a local endpoint even if it does not. This is useful for "preloading"
- any large static policies that are known to be used on every node.
- If the policy is _not_ used on a particular node then the work
- done to preload the policy (and to maintain it) is wasted.
- items:
- type: string
- type: array
- preDNAT:
- description: PreDNAT indicates to apply the rules in this policy before
- any DNAT.
- type: boolean
- selector:
- description: "The selector is an expression used to pick out the endpoints
- that the policy should\nbe applied to.\n\nSelector expressions follow
- this syntax:\n\n\tlabel == \"string_literal\" -> comparison, e.g.
- my_label == \"foo bar\"\n\tlabel != \"string_literal\" -> not
- equal; also matches if label is not present\n\tlabel in { \"a\",
- \"b\", \"c\", ... } -> true if the value of label X is one of
- \"a\", \"b\", \"c\"\n\tlabel not in { \"a\", \"b\", \"c\", ... }
- \ -> true if the value of label X is not one of \"a\", \"b\", \"c\"\n\thas(label_name)
- \ -> True if that label is present\n\t! expr -> negation of expr\n\texpr
- && expr -> Short-circuit and\n\texpr || expr -> Short-circuit
- or\n\t( expr ) -> parens for grouping\n\tall() or the empty selector
- -> matches all endpoints.\n\nLabel names are allowed to contain
- alphanumerics, -, _ and /. String literals are more permissive\nbut
- they do not support escape characters.\n\nExamples (with made-up
- labels):\n\n\ttype == \"webserver\" && deployment == \"prod\"\n\ttype
- in {\"frontend\", \"backend\"}\n\tdeployment != \"dev\"\n\t! has(label_name)"
- type: string
- serviceAccountSelector:
- description: ServiceAccountSelector is an optional field for an expression
- used to select a pod based on service accounts.
- type: string
- tier:
- description: |-
- The name of the tier that this policy belongs to. If this is omitted, the default
- tier (name is "default") is assumed. The specified tier must exist in order to create
- security policies within the tier, the "default" tier is created automatically if it
- does not exist, this means for deployments requiring only a single Tier, the tier name
- may be omitted on all policy management requests.
- type: string
- types:
- description: |-
- Types indicates whether this policy applies to ingress, or to egress, or to both. When
- not explicitly specified (and so the value on creation is empty or nil), Calico defaults
- Types according to what Ingress and Egress rules are present in the policy. The
- default is:
-
- - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are
- also no Ingress rules)
-
- - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
-
- - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules.
-
- When the policy is read back again, Types will always be one of these values, never empty
- or nil.
- items:
- description: PolicyType enumerates the possible values of the PolicySpec
- Types field.
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
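Review bot: the policy CRD that ends here is dropped together with its `served: true` / `storage: true` version entry, and nothing in the removed lines says where the definition now lives. Deleting a CustomResourceDefinition from a cluster also deletes every stored object of that kind, so if this manifest is what installs the CRD and it gets pruned, the ingress and egress rules, `preDNAT` policies and tier assignments held in those objects go with it. Please name the manifest that supersedes this one in the commit message and confirm the replacement still serves and stores the same version.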
----
-# Source: crds/crd.projectcalico.org_globalnetworksets.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: globalnetworksets.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: GlobalNetworkSet
- listKind: GlobalNetworkSetList
- plural: globalnetworksets
- singular: globalnetworkset
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: |-
- GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs that share labels to
- allow rules to refer to them via selectors. The labels of GlobalNetworkSet are not namespaced.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: GlobalNetworkSetSpec contains the specification for a NetworkSet
- resource.
- properties:
- nets:
- description: The list of IP networks that belong to this set.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_hostendpoints.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: hostendpoints.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: HostEndpoint
- listKind: HostEndpointList
- plural: hostendpoints
- singular: hostendpoint
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: HostEndpointSpec contains the specification for a HostEndpoint
- resource.
- properties:
- expectedIPs:
- description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.\nIf
- \"InterfaceName\" is not present, Calico will look for an interface
- matching any\nof the IPs in the list and apply policy to that.\nNote:\n\tWhen
- using the selector match criteria in an ingress or egress security
- Policy\n\tor Profile, Calico converts the selector into a set of
- IP addresses. For host\n\tendpoints, the ExpectedIPs field is used
- for that purpose. (If only the interface\n\tname is specified, Calico
- does not learn the IPs of the interface for use in match\n\tcriteria.)"
- items:
- type: string
- type: array
- interfaceName:
- description: |-
- Either "*", or the name of a specific Linux interface to apply policy to; or empty. "*"
- indicates that this HostEndpoint governs all traffic to, from or through the default
- network namespace of the host named by the "Node" field; entering and leaving that
- namespace via any interface, including those from/to non-host-networked local workloads.
-
- If InterfaceName is not "*", this HostEndpoint only governs traffic that enters or leaves
- the host through the specific interface named by InterfaceName, or - when InterfaceName
- is empty - through the specific interface that has one of the IPs in ExpectedIPs.
- Therefore, when InterfaceName is empty, at least one expected IP must be specified. Only
- external interfaces (such as "eth0") are supported here; it isn't possible for a
- HostEndpoint to protect traffic through a specific local workload interface.
-
- Note: Only some kinds of policy are implemented for "*" HostEndpoints; initially just
- pre-DNAT policy. Please check Calico documentation for the latest position.
- type: string
- node:
- description: The node name identifying the Calico node instance.
- type: string
- ports:
- description: Ports contains the endpoint's named ports, which may
- be referenced in security policy rules.
- items:
- properties:
- name:
- type: string
- port:
- type: integer
- protocol:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- required:
- - name
- - port
- - protocol
- type: object
- type: array
- profiles:
- description: |-
- A list of identifiers of security Profile objects that apply to this endpoint. Each
- profile is applied in the order that they appear in this list. Profile rules are applied
- after the selector-based security policy.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_ipamblocks.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: ipamblocks.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPAMBlock
- listKind: IPAMBlockList
- plural: ipamblocks
- singular: ipamblock
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAMBlockSpec contains the specification for an IPAMBlock
- resource.
- properties:
- affinity:
- description: |-
- Affinity of the block, if this block has one. If set, it will be of the form
- "host:<hostname>". If not set, this block is not affine to a host.
- type: string
- allocations:
- description: |-
- Array of allocations in-use within this block. nil entries mean the allocation is free.
- For non-nil entries at index i, the index is the ordinal of the allocation within this block
- and the value is the index of the associated attributes in the Attributes array.
- items:
- type: integer
- # TODO: This nullable is manually added in. We should update controller-gen
- # to handle []*int properly itself.
- nullable: true
- type: array
- attributes:
- description: |-
- Attributes is an array of arbitrary metadata associated with allocations in the block. To find
- attributes for a given allocation, use the value of the allocation's entry in the Allocations array
- as the index of the element in this array.
- items:
- properties:
- handle_id:
- type: string
- secondary:
- additionalProperties:
- type: string
- type: object
- type: object
- type: array
- cidr:
- description: The block's CIDR.
- type: string
- deleted:
- description: |-
- Deleted is an internal boolean used to workaround a limitation in the Kubernetes API whereby
- deletion will not return a conflict error if the block has been updated. It should not be set manually.
- type: boolean
- sequenceNumber:
- default: 0
- description: |-
- We store a sequence number that is updated each time the block is written.
- Each allocation will also store the sequence number of the block at the time of its creation.
- When releasing an IP, passing the sequence number associated with the allocation allows us
- to protect against a race condition and ensure the IP hasn't been released and re-allocated
- since the release request.
- format: int64
- type: integer
- sequenceNumberForAllocation:
- additionalProperties:
- format: int64
- type: integer
- description: |-
- Map of allocated ordinal within the block to sequence number of the block at
- the time of allocation. Kubernetes does not allow numerical keys for maps, so
- the key is cast to a string.
- type: object
- strictAffinity:
- description: StrictAffinity on the IPAMBlock is deprecated and no
- longer used by the code. Use IPAMConfig StrictAffinity instead.
- type: boolean
- unallocated:
- description: Unallocated is an ordered list of allocations which are
- free in the block.
- items:
- type: integer
- type: array
- required:
- - allocations
- - attributes
- - cidr
- - strictAffinity
- - unallocated
- type: object
- type: object
- served: true
- storage: true
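Review bot: the `allocations` items schema in the IPAMBlock CRD carries a hand-added `nullable: true`, and the TODO above it says controller-gen does not emit this for `[]*int`. If the removed file is being replaced by freshly generated CRDs, that manual patch has to be reapplied, because the description states that nil entries mark free allocations and a regenerated schema without `nullable: true` would reject such blocks. Please confirm the replacement keeps `nullable: true` under `allocations.items`, or point to where the generator was fixed.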
----
-# Source: crds/crd.projectcalico.org_ipamconfigs.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: ipamconfigs.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPAMConfig
- listKind: IPAMConfigList
- plural: ipamconfigs
- singular: ipamconfig
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAMConfigSpec contains the specification for an IPAMConfig
- resource.
- properties:
- autoAllocateBlocks:
- type: boolean
- maxBlocksPerHost:
- description: |-
- MaxBlocksPerHost, if non-zero, is the max number of blocks that can be
- affine to each host.
- maximum: 2147483647
- minimum: 0
- type: integer
- strictAffinity:
- type: boolean
- required:
- - autoAllocateBlocks
- - strictAffinity
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_ipamhandles.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: ipamhandles.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPAMHandle
- listKind: IPAMHandleList
- plural: ipamhandles
- singular: ipamhandle
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAMHandleSpec contains the specification for an IPAMHandle
- resource.
- properties:
- block:
- additionalProperties:
- type: integer
- type: object
- deleted:
- type: boolean
- handleID:
- type: string
- required:
- - block
- - handleID
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_ippools.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: ippools.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPPool
- listKind: IPPoolList
- plural: ippools
- singular: ippool
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPPoolSpec contains the specification for an IPPool resource.
- properties:
- allowedUses:
- description: |-
- AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to
- ["Tunnel", "Workload"] for back-compatibility
- items:
- type: string
- type: array
- assignmentMode:
- description: Determines the mode how IP addresses should be assigned
- from this pool
- enum:
- - Automatic
- - Manual
- type: string
- blockSize:
- description: The block size to use for IP address assignments from
- this pool. Defaults to 26 for IPv4 and 122 for IPv6.
- type: integer
- cidr:
- description: The pool CIDR.
- type: string
- disableBGPExport:
- description: 'Disable exporting routes from this IP Pool''s CIDR over
- BGP. [Default: false]'
- type: boolean
- disabled:
- description: When disabled is true, Calico IPAM will not assign addresses
- from this pool.
- type: boolean
- ipip:
- description: |-
- Deprecated: this field is only used for APIv1 backwards compatibility.
- Setting this field is not allowed, this field is for internal use only.
- properties:
- enabled:
- description: |-
- When enabled is true, ipip tunneling will be used to deliver packets to
- destinations within this pool.
- type: boolean
- mode:
- description: |-
- The IPIP mode. This can be one of "always" or "cross-subnet". A mode
- of "always" will also use IPIP tunneling for routing to destination IP
- addresses within this pool. A mode of "cross-subnet" will only use IPIP
- tunneling when the destination node is on a different subnet to the
- originating node. The default value (if not specified) is "always".
- type: string
- type: object
- ipipMode:
- description: |-
- Contains configuration for IPIP tunneling for this pool. If not specified,
- then this is defaulted to "Never" (i.e. IPIP tunneling is disabled).
- type: string
- nat-outgoing:
- description: |-
- Deprecated: this field is only used for APIv1 backwards compatibility.
- Setting this field is not allowed, this field is for internal use only.
- type: boolean
- natOutgoing:
- description: |-
- When natOutgoing is true, packets sent from Calico networked containers in
- this pool to destinations outside of this pool will be masqueraded.
- type: boolean
- nodeSelector:
- description: Allows IPPool to allocate for a specific node by label
- selector.
- type: string
- vxlanMode:
- description: |-
- Contains configuration for VXLAN tunneling for this pool. If not specified,
- then this is defaulted to "Never" (i.e. VXLAN tunneling is disabled).
- type: string
- required:
- - cidr
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_ipreservations.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: ipreservations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPReservation
- listKind: IPReservationList
- plural: ipreservations
- singular: ipreservation
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPReservationSpec contains the specification for an IPReservation
- resource.
- properties:
- reservedCIDRs:
- description: ReservedCIDRs is a list of CIDRs and/or IP addresses
- that Calico IPAM will exclude from new allocations.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
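Review bot: the `ipamhandles`, `ippools` and `ipreservations` definitions removed above each list a single version (`v1`, `served: true`, `storage: true`), and nothing in these lines shows where the CRDs are installed from once this file is gone. Deleting a CRD from a cluster also deletes every object of that kind, which here would mean pool CIDRs, reserved CIDRs and handle-to-block records. Please say in the description which manifest or component now owns these CRDs, and confirm that the apply step does not prune them.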
----
-# Source: crds/crd.projectcalico.org_kubecontrollersconfigurations.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: kubecontrollersconfigurations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: KubeControllersConfiguration
- listKind: KubeControllersConfigurationList
- plural: kubecontrollersconfigurations
- singular: kubecontrollersconfiguration
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeControllersConfigurationSpec contains the values of the
- Kubernetes controllers configuration.
- properties:
- controllers:
- description: Controllers enables and configures individual Kubernetes
- controllers
- properties:
- loadBalancer:
- description: LoadBalancer enables and configures the LoadBalancer
- controller. Enabled by default, set to nil to disable.
- properties:
- assignIPs:
- type: string
- type: object
- namespace:
- description: Namespace enables and configures the namespace controller.
- Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- node:
- description: Node enables and configures the node controller.
- Enabled by default, set to nil to disable.
- properties:
- hostEndpoint:
- description: HostEndpoint controls syncing nodes to host endpoints.
- Disabled by default, set to nil to disable.
- properties:
- autoCreate:
- description: 'AutoCreate enables automatic creation of
- host endpoints for every node. [Default: Disabled]'
- type: string
- createDefaultHostEndpoint:
- type: string
- templates:
- description: Templates contains definition for creating
- AutoHostEndpoints
- items:
- properties:
- generateName:
- description: GenerateName is appended to the end
- of the generated AutoHostEndpoint name
- type: string
- interfaceCIDRs:
- description: InterfaceCIDRs contains a list of CIRDs
- used for matching nodeIPs to the AutoHostEndpoint
- items:
- type: string
- type: array
- labels:
- additionalProperties:
- type: string
- description: Labels adds the specified labels to
- the generated AutoHostEndpoint, labels from node
- with the same name will be overwritten by values
- from the template label
- type: object
- nodeSelector:
- description: NodeSelector allows the AutoHostEndpoint
- to be created only for specific nodes
- type: string
- type: object
- type: array
- type: object
- leakGracePeriod:
- description: |-
- LeakGracePeriod is the period used by the controller to determine if an IP address has been leaked.
- Set to 0 to disable IP garbage collection. [Default: 15m]
- type: string
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- syncLabels:
- description: 'SyncLabels controls whether to copy Kubernetes
- node labels to Calico nodes. [Default: Enabled]'
- type: string
- type: object
- policy:
- description: Policy enables and configures the policy controller.
- Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- serviceAccount:
- description: ServiceAccount enables and configures the service
- account controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- workloadEndpoint:
- description: WorkloadEndpoint enables and configures the workload
- endpoint controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- type: object
- debugProfilePort:
- description: |-
- DebugProfilePort configures the port to serve memory and cpu profiles on. If not specified, profiling
- is disabled.
- format: int32
- type: integer
- etcdV3CompactionPeriod:
- description: 'EtcdV3CompactionPeriod is the period between etcdv3
- compaction requests. Set to 0 to disable. [Default: 10m]'
- type: string
- healthChecks:
- description: 'HealthChecks enables or disables support for health
- checks [Default: Enabled]'
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which logs
- are sent to the stdout. [Default: Info]'
- type: string
- prometheusMetricsPort:
- description: 'PrometheusMetricsPort is the TCP port that the Prometheus
- metrics server should bind to. Set to 0 to disable. [Default: 9094]'
- type: integer
- required:
- - controllers
- type: object
- status:
- description: |-
- KubeControllersConfigurationStatus represents the status of the configuration. It's useful for admins to
- be able to see the actual config that was applied, which can be modified by environment variables on the
- kube-controllers process.
- properties:
- environmentVars:
- additionalProperties:
- type: string
- description: |-
- EnvironmentVars contains the environment variables on the kube-controllers that influenced
- the RunningConfig.
- type: object
- runningConfig:
- description: |-
- RunningConfig contains the effective config that is running in the kube-controllers pod, after
- merging the API resource with any environment variables.
- properties:
- controllers:
- description: Controllers enables and configures individual Kubernetes
- controllers
- properties:
- loadBalancer:
- description: LoadBalancer enables and configures the LoadBalancer
- controller. Enabled by default, set to nil to disable.
- properties:
- assignIPs:
- type: string
- type: object
- namespace:
- description: Namespace enables and configures the namespace
- controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- node:
- description: Node enables and configures the node controller.
- Enabled by default, set to nil to disable.
- properties:
- hostEndpoint:
- description: HostEndpoint controls syncing nodes to host
- endpoints. Disabled by default, set to nil to disable.
- properties:
- autoCreate:
- description: 'AutoCreate enables automatic creation
- of host endpoints for every node. [Default: Disabled]'
- type: string
- createDefaultHostEndpoint:
- type: string
- templates:
- description: Templates contains definition for creating
- AutoHostEndpoints
- items:
- properties:
- generateName:
- description: GenerateName is appended to the
- end of the generated AutoHostEndpoint name
- type: string
- interfaceCIDRs:
- description: InterfaceCIDRs contains a list
- of CIRDs used for matching nodeIPs to the
- AutoHostEndpoint
- items:
- type: string
- type: array
- labels:
- additionalProperties:
- type: string
- description: Labels adds the specified labels
- to the generated AutoHostEndpoint, labels
- from node with the same name will be overwritten
- by values from the template label
- type: object
- nodeSelector:
- description: NodeSelector allows the AutoHostEndpoint
- to be created only for specific nodes
- type: string
- type: object
- type: array
- type: object
- leakGracePeriod:
- description: |-
- LeakGracePeriod is the period used by the controller to determine if an IP address has been leaked.
- Set to 0 to disable IP garbage collection. [Default: 15m]
- type: string
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- syncLabels:
- description: 'SyncLabels controls whether to copy Kubernetes
- node labels to Calico nodes. [Default: Enabled]'
- type: string
- type: object
- policy:
- description: Policy enables and configures the policy controller.
- Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- serviceAccount:
- description: ServiceAccount enables and configures the service
- account controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- workloadEndpoint:
- description: WorkloadEndpoint enables and configures the workload
- endpoint controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- type: object
- debugProfilePort:
- description: |-
- DebugProfilePort configures the port to serve memory and cpu profiles on. If not specified, profiling
- is disabled.
- format: int32
- type: integer
- etcdV3CompactionPeriod:
- description: 'EtcdV3CompactionPeriod is the period between etcdv3
- compaction requests. Set to 0 to disable. [Default: 10m]'
- type: string
- healthChecks:
- description: 'HealthChecks enables or disables support for health
- checks [Default: Enabled]'
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which
- logs are sent to the stdout. [Default: Info]'
- type: string
- prometheusMetricsPort:
- description: 'PrometheusMetricsPort is the TCP port that the Prometheus
- metrics server should bind to. Set to 0 to disable. [Default:
- 9094]'
- type: integer
- required:
- - controllers
- type: object
- type: object
- type: object
- served: true
- storage: true
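Review bot: in the removed `kubecontrollersconfigurations` schema, `prometheusMetricsPort` is documented as "Set to 0 to disable. [Default: 9094]" and `debugProfilePort` as disabled unless specified, so a cluster that has set either field depends on its KubeControllersConfiguration object surviving this change. Check that the CRD is still installed from another source before this lands, so that existing objects are not dropped and the listed defaults do not silently apply again. If the schema is regenerated elsewhere, the `hostEndpoint` description ("Disabled by default, set to nil to disable") and the "CIRDs" spelling under `interfaceCIDRs` are worth correcting in the source comments rather than in generated YAML.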
----
-# Source: crds/crd.projectcalico.org_networkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: networkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: NetworkPolicy
- listKind: NetworkPolicyList
- plural: networkpolicies
- singular: networkpolicy
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- egress:
- description: |-
- The ordered set of egress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- ingress:
- description: |-
- The ordered set of ingress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- order:
- description: |-
- Order is an optional field that specifies the order in which the policy is applied.
- Policies with higher "order" are applied after those with lower
- order within the same tier. If the order is omitted, it may be considered to be "infinite" - i.e. the
- policy will be applied last. Policies with identical order will be applied in
- alphanumerical order based on the Policy "Name" within the tier.
- type: number
- performanceHints:
- description: |-
- PerformanceHints contains a list of hints to Calico's policy engine to
- help process the policy more efficiently. Hints never change the
- enforcement behaviour of the policy.
-
- Currently, the only available hint is "AssumeNeededOnEveryNode". When
- that hint is set on a policy, Felix will act as if the policy matches
- a local endpoint even if it does not. This is useful for "preloading"
- any large static policies that are known to be used on every node.
- If the policy is _not_ used on a particular node then the work
- done to preload the policy (and to maintain it) is wasted.
- items:
- type: string
- type: array
- selector:
- description: "The selector is an expression used to pick out the endpoints
- that the policy should\nbe applied to.\n\nSelector expressions follow
- this syntax:\n\n\tlabel == \"string_literal\" -> comparison, e.g.
- my_label == \"foo bar\"\n\tlabel != \"string_literal\" -> not
- equal; also matches if label is not present\n\tlabel in { \"a\",
- \"b\", \"c\", ... } -> true if the value of label X is one of
- \"a\", \"b\", \"c\"\n\tlabel not in { \"a\", \"b\", \"c\", ... }
- \ -> true if the value of label X is not one of \"a\", \"b\", \"c\"\n\thas(label_name)
- \ -> True if that label is present\n\t! expr -> negation of expr\n\texpr
- && expr -> Short-circuit and\n\texpr || expr -> Short-circuit
- or\n\t( expr ) -> parens for grouping\n\tall() or the empty selector
- -> matches all endpoints.\n\nLabel names are allowed to contain
- alphanumerics, -, _ and /. String literals are more permissive\nbut
- they do not support escape characters.\n\nExamples (with made-up
- labels):\n\n\ttype == \"webserver\" && deployment == \"prod\"\n\ttype
- in {\"frontend\", \"backend\"}\n\tdeployment != \"dev\"\n\t! has(label_name)"
- type: string
- serviceAccountSelector:
- description: ServiceAccountSelector is an optional field for an expression
- used to select a pod based on service accounts.
- type: string
- tier:
- description: |-
- The name of the tier that this policy belongs to. If this is omitted, the default
- tier (name is "default") is assumed. The specified tier must exist in order to create
- security policies within the tier, the "default" tier is created automatically if it
- does not exist, this means for deployments requiring only a single Tier, the tier name
- may be omitted on all policy management requests.
- type: string
- types:
- description: |-
- Types indicates whether this policy applies to ingress, or to egress, or to both. When
- not explicitly specified (and so the value on creation is empty or nil), Calico defaults
- Types according to what Ingress and Egress are present in the policy. The
- default is:
-
- - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are
- also no Ingress rules)
-
- - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
-
- - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules.
-
- When the policy is read back again, Types will always be one of these values, never empty
- or nil.
- items:
- description: PolicyType enumerates the possible values of the PolicySpec
- Types field.
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_networksets.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: networksets.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: NetworkSet
- listKind: NetworkSetList
- plural: networksets
- singular: networkset
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: NetworkSetSpec contains the specification for a NetworkSet
- resource.
- properties:
- nets:
- description: The list of IP networks that belong to this set.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
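Review bot: the `networksets.crd.projectcalico.org` definition that ends just above (version `v1`, `served: true`, `storage: true`) is deleted with no replacement visible in this change, and the same applies to the `stagedglobalnetworkpolicies.crd.projectcalico.org` document that follows. Deleting a CustomResourceDefinition from a cluster also deletes every object stored under it, so if whatever applies this manifest prunes removed resources, existing NetworkSet and staged policy objects would go with it. Please say in the change description where these definitions are installed from now, and confirm that the replacement keeps the same group, kind, scope (`Namespaced` here, `Cluster` for the staged global policy) and stored version. After rollout, `kubectl get crd networksets.crd.projectcalico.org` should still return the definition.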
----
-# Source: crds/crd.projectcalico.org_stagedglobalnetworkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: stagedglobalnetworkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: StagedGlobalNetworkPolicy
- listKind: StagedGlobalNetworkPolicyList
- plural: stagedglobalnetworkpolicies
- singular: stagedglobalnetworkpolicy
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- applyOnForward:
- description: ApplyOnForward indicates to apply the rules in this policy
- on forward traffic.
- type: boolean
- doNotTrack:
- description: |-
- DoNotTrack indicates whether packets matched by the rules in this policy should go through
- the data plane's connection tracking, such as Linux conntrack. If True, the rules in
- this policy are applied before any data plane connection tracking, and packets allowed by
- this policy are marked as not to be tracked.
- type: boolean
- egress:
- description: |-
- The ordered set of egress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- ingress:
- description: |-
- The ordered set of ingress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- namespaceSelector:
- description: NamespaceSelector is an optional field for an expression
- used to select a pod based on namespaces.
- type: string
- order:
- description: |-
- Order is an optional field that specifies the order in which the policy is applied.
- Policies with higher "order" are applied after those with lower
- order within the same tier. If the order is omitted, it may be considered to be "infinite" - i.e. the
- policy will be applied last. Policies with identical order will be applied in
- alphanumerical order based on the Policy "Name" within the tier.
- type: number
- performanceHints:
- description: |-
- PerformanceHints contains a list of hints to Calico's policy engine to
- help process the policy more efficiently. Hints never change the
- enforcement behaviour of the policy.
-
- Currently, the only available hint is "AssumeNeededOnEveryNode". When
- that hint is set on a policy, Felix will act as if the policy matches
- a local endpoint even if it does not. This is useful for "preloading"
- any large static policies that are known to be used on every node.
- If the policy is _not_ used on a particular node then the work
- done to preload the policy (and to maintain it) is wasted.
- items:
- type: string
- type: array
- preDNAT:
- description: PreDNAT indicates to apply the rules in this policy before
- any DNAT.
- type: boolean
- selector:
- description: "The selector is an expression used to pick pick out
- the endpoints that the policy should\nbe applied to.\n\nSelector
- expressions follow this syntax:\n\n\tlabel == \"string_literal\"
- \ -> comparison, e.g. my_label == \"foo bar\"\n\tlabel != \"string_literal\"
- \ -> not equal; also matches if label is not present\n\tlabel
- in { \"a\", \"b\", \"c\", ... } -> true if the value of label
- X is one of \"a\", \"b\", \"c\"\n\tlabel not in { \"a\", \"b\",
- \"c\", ... } -> true if the value of label X is not one of \"a\",
- \"b\", \"c\"\n\thas(label_name) -> True if that label is present\n\t!
- expr -> negation of expr\n\texpr && expr -> Short-circuit and\n\texpr
- || expr -> Short-circuit or\n\t( expr ) -> parens for grouping\n\tall()
- or the empty selector -> matches all endpoints.\n\nLabel names are
- allowed to contain alphanumerics, -, _ and /. String literals are
- more permissive\nbut they do not support escape characters.\n\nExamples
- (with made-up labels):\n\n\ttype == \"webserver\" && deployment
- == \"prod\"\n\ttype in {\"frontend\", \"backend\"}\n\tdeployment
- != \"dev\"\n\t! has(label_name)"
- type: string
- serviceAccountSelector:
- description: ServiceAccountSelector is an optional field for an expression
- used to select a pod based on service accounts.
- type: string
- stagedAction:
- description: The staged action. If this is omitted, the default is
- Set.
- type: string
- tier:
- description: |-
- The name of the tier that this policy belongs to. If this is omitted, the default
- tier (name is "default") is assumed. The specified tier must exist in order to create
- security policies within the tier, the "default" tier is created automatically if it
- does not exist, this means for deployments requiring only a single Tier, the tier name
- may be omitted on all policy management requests.
- type: string
- types:
- description: |-
- Types indicates whether this policy applies to ingress, or to egress, or to both. When
- not explicitly specified (and so the value on creation is empty or nil), Calico defaults
- Types according to what Ingress and Egress rules are present in the policy. The
- default is:
-
- - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are
- also no Ingress rules)
-
- - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
-
- - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules.
-
- When the policy is read back again, Types will always be one of these values, never empty
- or nil.
- items:
- description: PolicyType enumerates the possible values of the PolicySpec
- Types field.
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
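Review bot: the removal that ends at `served: true` / `storage: true` drops the whole served and stored schema for this CRD, and the file header shows `+++ /dev/null` with nothing in the visible change saying where the definition is installed from afterwards. Please name the replacement source in the commit message. Also confirm the upgrade path does not delete the CRD from running clusters: if this manifest is applied with pruning, Kubernetes removes every stored object of the kind along with its CRD, which here means the policies carrying `stagedAction`, `tier` and the `selector` expressions described above.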
----
-# Source: crds/crd.projectcalico.org_stagedkubernetesnetworkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: stagedkubernetesnetworkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: StagedKubernetesNetworkPolicy
- listKind: StagedKubernetesNetworkPolicyList
- plural: stagedkubernetesnetworkpolicies
- singular: stagedkubernetesnetworkpolicy
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- egress:
- description: |-
- List of egress rules to be applied to the selected pods. Outgoing traffic is
- allowed if there are no NetworkPolicies selecting the pod (and cluster policy
- otherwise allows the traffic), OR if the traffic matches at least one egress rule
- across all of the NetworkPolicy objects whose podSelector matches the pod. If
- this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
- solely to ensure that the pods it selects are isolated by default).
- This field is beta-level in 1.8
- items:
- description: |-
- NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
- matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
- This type is beta-level in 1.8
- properties:
- ports:
- description: |-
- ports is a list of destination ports for outgoing traffic.
- Each item in this list is combined using a logical OR. If this field is
- empty or missing, this rule matches all ports (traffic not restricted by port).
- If this field is present and contains at least one item, then this rule allows
- traffic only if the traffic matches at least one port in the list.
- items:
- description: NetworkPolicyPort describes a port to allow traffic
- on
- properties:
- endPort:
- description: |-
- endPort indicates that the range of ports from port to endPort if set, inclusive,
- should be allowed by the policy. This field cannot be defined if the port field
- is not defined or if the port field is defined as a named (string) port.
- The endPort must be equal or greater than port.
- format: int32
- type: integer
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- port represents the port on the given protocol. This can either be a numerical or named
- port on a pod. If this field is not provided, this matches all port names and
- numbers.
- If present, only traffic on the specified protocol AND port will be matched.
- x-kubernetes-int-or-string: true
- protocol:
- description: |-
- protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
- If not specified, this field defaults to TCP.
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- to:
- description: |-
- to is a list of destinations for outgoing traffic of pods selected for this rule.
- Items in this list are combined using a logical OR operation. If this field is
- empty or missing, this rule matches all destinations (traffic not restricted by
- destination). If this field is present and contains at least one item, this rule
- allows traffic only if the traffic matches at least one item in the to list.
- items:
- description: |-
- NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of
- fields are allowed
- properties:
- ipBlock:
- description: |-
- ipBlock defines policy on a particular IPBlock. If this field is set then
- neither of the other fields can be.
- properties:
- cidr:
- description: |-
- cidr is a string representing the IPBlock
- Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- type: string
- except:
- description: |-
- except is a slice of CIDRs that should not be included within an IPBlock
- Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- Except values will be rejected if they are outside the cidr range
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - cidr
- type: object
- namespaceSelector:
- description: |-
- namespaceSelector selects namespaces using cluster-scoped labels. This field follows
- standard label selector semantics; if present but empty, it selects all namespaces.
-
- If podSelector is also set, then the NetworkPolicyPeer as a whole selects
- the pods matching podSelector in the namespaces selected by namespaceSelector.
- Otherwise it selects all pods in the namespaces selected by namespaceSelector.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- podSelector is a label selector which selects pods. This field follows standard label
- selector semantics; if present but empty, it selects all pods.
-
- If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
- the pods matching podSelector in the Namespaces selected by NamespaceSelector.
- Otherwise it selects the pods matching podSelector in the policy's own namespace.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: array
- ingress:
- description: |-
- List of ingress rules to be applied to the selected pods. Traffic is allowed to
- a pod if there are no NetworkPolicies selecting the pod
- (and cluster policy otherwise allows the traffic), OR if the traffic source is
- the pod's local node, OR if the traffic matches at least one ingress rule
- across all of the NetworkPolicy objects whose podSelector matches the pod. If
- this field is empty then this NetworkPolicy does not allow any traffic (and serves
- solely to ensure that the pods it selects are isolated by default)
- items:
- description: |-
- NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
- matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
- properties:
- from:
- description: |-
- from is a list of sources which should be able to access the pods selected for this rule.
- Items in this list are combined using a logical OR operation. If this field is
- empty or missing, this rule matches all sources (traffic not restricted by
- source). If this field is present and contains at least one item, this rule
- allows traffic only if the traffic matches at least one item in the from list.
- items:
- description: |-
- NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of
- fields are allowed
- properties:
- ipBlock:
- description: |-
- ipBlock defines policy on a particular IPBlock. If this field is set then
- neither of the other fields can be.
- properties:
- cidr:
- description: |-
- cidr is a string representing the IPBlock
- Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- type: string
- except:
- description: |-
- except is a slice of CIDRs that should not be included within an IPBlock
- Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- Except values will be rejected if they are outside the cidr range
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - cidr
- type: object
- namespaceSelector:
- description: |-
- namespaceSelector selects namespaces using cluster-scoped labels. This field follows
- standard label selector semantics; if present but empty, it selects all namespaces.
-
- If podSelector is also set, then the NetworkPolicyPeer as a whole selects
- the pods matching podSelector in the namespaces selected by namespaceSelector.
- Otherwise it selects all pods in the namespaces selected by namespaceSelector.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- podSelector is a label selector which selects pods. This field follows standard label
- selector semantics; if present but empty, it selects all pods.
-
- If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
- the pods matching podSelector in the Namespaces selected by NamespaceSelector.
- Otherwise it selects the pods matching podSelector in the policy's own namespace.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- x-kubernetes-list-type: atomic
- ports:
- description: |-
- ports is a list of ports which should be made accessible on the pods selected for
- this rule. Each item in this list is combined using a logical OR. If this field is
- empty or missing, this rule matches all ports (traffic not restricted by port).
- If this field is present and contains at least one item, then this rule allows
- traffic only if the traffic matches at least one port in the list.
- items:
- description: NetworkPolicyPort describes a port to allow traffic
- on
- properties:
- endPort:
- description: |-
- endPort indicates that the range of ports from port to endPort if set, inclusive,
- should be allowed by the policy. This field cannot be defined if the port field
- is not defined or if the port field is defined as a named (string) port.
- The endPort must be equal or greater than port.
- format: int32
- type: integer
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- port represents the port on the given protocol. This can either be a numerical or named
- port on a pod. If this field is not provided, this matches all port names and
- numbers.
- If present, only traffic on the specified protocol AND port will be matched.
- x-kubernetes-int-or-string: true
- protocol:
- description: |-
- protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
- If not specified, this field defaults to TCP.
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- type: object
- type: array
- podSelector:
- description: |-
- Selects the pods to which this NetworkPolicy object applies. The array of
- ingress rules is applied to any pods selected by this field. Multiple network
- policies can select the same set of pods. In this case, the ingress rules for
- each are combined additively. This field is NOT optional and follows standard
- label selector semantics. An empty podSelector matches all pods in this
- namespace.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- policyTypes:
- description: |-
- List of rule types that the NetworkPolicy relates to.
- Valid options are Ingress, Egress, or Ingress,Egress.
- If this field is not specified, it will default based on the existence of Ingress or Egress rules;
- policies that contain an Egress section are assumed to affect Egress, and all policies
- (whether or not they contain an Ingress section) are assumed to affect Ingress.
- If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
- Likewise, if you want to write a policy that specifies that no egress is allowed,
- you must specify a policyTypes value that include "Egress" (since such a policy would not include
- an Egress section and would otherwise default to just [ "Ingress" ]).
- This field is beta-level in 1.8
- items:
- description: |-
- PolicyType string describes the NetworkPolicy type
- This type is beta-level in 1.8
- type: string
- type: array
- stagedAction:
- description: The staged action. If this is omitted, the default is
- Set.
- type: string
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_stagednetworkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: stagednetworkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: StagedNetworkPolicy
- listKind: StagedNetworkPolicyList
- plural: stagednetworkpolicies
- singular: stagednetworkpolicy
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- properties:
- egress:
- description: |-
- The ordered set of egress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- ingress:
- description: |-
- The ordered set of ingress rules. Each rule contains a set of packet match criteria and
- a corresponding action to apply.
- items:
- description: |-
- A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy
- and security Profiles reference rules - separated out as a list of rules for both
- ingress and egress packet matching.
-
- Each positive match criteria has a negated version, prefixed with "Not". All the match
- criteria within a rule must be satisfied for a packet to match. A single rule can contain
- the positive and negative version of a match and both must be satisfied for the rule to match.
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: |-
- Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
- HTTP Methods (e.g. GET, PUT, etc.)
- Multiple methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: |-
- Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
- HTTP Paths.
- Multiple paths are OR'd together.
- e.g:
- - exact: /foo
- - prefix: /bar
- NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
- items:
- description: |-
- HTTPPath specifies an HTTP path to match. It may be either of the form:
- exact: <path>: which matches the path exactly or
- prefix: <path-prefix>: which matches the path prefix
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: |-
- ICMP is an optional field that restricts the rule to apply to a specific type and
- code of ICMP traffic. This should only be specified if the Protocol field is set to
- "ICMP" or "ICMPv6".
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: |-
- IPVersion is an optional field that restricts the rule to only match a specific IP
- version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: |-
- Match on a specific ICMP code. If specified, the Type value must also be specified.
- This is a technical limitation imposed by the kernel's iptables firewall, which
- Calico uses to enforce the rule.
- type: integer
- type:
- description: |-
- Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request
- (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Protocol is an optional field that restricts the rule to only apply to traffic of
- a specific IP protocol. Required if any of the EntityRules contain Ports
- (because ports only apply to certain protocols).
-
- Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
- or an integer in the range 1-255.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector is an optional field that contains a selector expression. Only traffic
- that originates from (or terminates at) endpoints within the selected namespaces will be
- matched. When both NamespaceSelector and another selector are defined on the same rule, then only
- workload endpoints that are matched by both selectors will be selected by the rule.
-
- For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
- only workload endpoints in the same namespace as the NetworkPolicy.
-
- For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting
- only GlobalNetworkSet or HostEndpoint.
-
- For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
- endpoints across all namespaces.
- type: string
- nets:
- description: |-
- Nets is an optional field that restricts the rule to only apply to traffic that
- originates from (or terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: |-
- NotPorts is the negated version of the Ports field.
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: |-
- NotSelector is the negated version of the Selector field. See Selector field for
- subtleties with negated selectors.
- type: string
- ports:
- description: |-
- Ports is an optional field that restricts the rule to only apply to traffic that has a
- source (destination) port that matches one of these ranges/values. This value is a
- list of integers or strings that represent ranges of ports.
-
- Since only some protocols have ports, if any ports are specified it requires the
- Protocol match in the Rule to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for\nsample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching\nthe selector will be matched.\n\nNote that:
- in addition to the negated version of the Selector (see
- NotSelector below), the\nselector expression syntax itself
- supports negation. The two types of negation are subtly\ndifferent.
- One negates the set of matched endpoints, the other negates
- the whole match:\n\n\tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled\n\tendpoints
- that do not have the label \"my_label\".\n\n\tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled\n\tendpoints that do have the label
- \"my_label\".\n\nThe effect is that the latter will accept
- packets from non-Calico sources whereas the\nformer is
- limited to packets from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: |-
- ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
- terminates at) a pod running as a matching service account.
- properties:
- names:
- description: |-
- Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
- at) a pod running as a service account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: |-
- Selector is an optional field that restricts the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a service account that matches the given label selector.
- If both Names and Selector are specified then they are AND'ed.
- type: string
- type: object
- services:
- description: |-
- Services is an optional field that contains options for matching Kubernetes Services.
- If specified, only traffic that originates from or terminates at endpoints within the selected
- service(s) will be matched, and only to/from each endpoint's port.
-
- Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets,
- NotNets or ServiceAccounts.
-
- Ports and NotPorts can only be specified with Services on ingress rules.
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: |-
- Namespace specifies the namespace of the given Service. If left empty, the rule
- will match within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- order:
- description: |-
- Order is an optional field that specifies the order in which the policy is applied.
- Policies with higher "order" are applied after those with lower
- order within the same tier. If the order is omitted, it may be considered to be "infinite" - i.e. the
- policy will be applied last. Policies with identical order will be applied in
- alphanumerical order based on the Policy "Name" within the tier.
- type: number
- performanceHints:
- description: |-
- PerformanceHints contains a list of hints to Calico's policy engine to
- help process the policy more efficiently. Hints never change the
- enforcement behaviour of the policy.
-
- Currently, the only available hint is "AssumeNeededOnEveryNode". When
- that hint is set on a policy, Felix will act as if the policy matches
- a local endpoint even if it does not. This is useful for "preloading"
- any large static policies that are known to be used on every node.
- If the policy is _not_ used on a particular node then the work
- done to preload the policy (and to maintain it) is wasted.
- items:
- type: string
- type: array
- selector:
- description: "The selector is an expression used to pick pick out
- the endpoints that the policy should\nbe applied to.\n\nSelector
- expressions follow this syntax:\n\n\tlabel == \"string_literal\"
- \ -> comparison, e.g. my_label == \"foo bar\"\n\tlabel != \"string_literal\"
- \ -> not equal; also matches if label is not present\n\tlabel
- in { \"a\", \"b\", \"c\", ... } -> true if the value of label
- X is one of \"a\", \"b\", \"c\"\n\tlabel not in { \"a\", \"b\",
- \"c\", ... } -> true if the value of label X is not one of \"a\",
- \"b\", \"c\"\n\thas(label_name) -> True if that label is present\n\t!
- expr -> negation of expr\n\texpr && expr -> Short-circuit and\n\texpr
- || expr -> Short-circuit or\n\t( expr ) -> parens for grouping\n\tall()
- or the empty selector -> matches all endpoints.\n\nLabel names are
- allowed to contain alphanumerics, -, _ and /. String literals are
- more permissive\nbut they do not support escape characters.\n\nExamples
- (with made-up labels):\n\n\ttype == \"webserver\" && deployment
- == \"prod\"\n\ttype in {\"frontend\", \"backend\"}\n\tdeployment
- != \"dev\"\n\t! has(label_name)"
- type: string
- serviceAccountSelector:
- description: ServiceAccountSelector is an optional field for an expression
- used to select a pod based on service accounts.
- type: string
- stagedAction:
- description: The staged action. If this is omitted, the default is
- Set.
- type: string
- tier:
- description: |-
- The name of the tier that this policy belongs to. If this is omitted, the default
- tier (name is "default") is assumed. The specified tier must exist in order to create
- security policies within the tier, the "default" tier is created automatically if it
- does not exist, this means for deployments requiring only a single Tier, the tier name
- may be omitted on all policy management requests.
- type: string
- types:
- description: |-
- Types indicates whether this policy applies to ingress, or to egress, or to both. When
- not explicitly specified (and so the value on creation is empty or nil), Calico defaults
- Types according to what Ingress and Egress are present in the policy. The
- default is:
-
- - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are
- also no Ingress rules)
-
- - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
-
- - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules.
-
- When the policy is read back again, Types will always be one of these values, never empty
- or nil.
- items:
- description: PolicyType enumerates the possible values of the PolicySpec
- Types field.
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
----
-# Source: crds/crd.projectcalico.org_tiers.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.17.3
- name: tiers.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: Tier
- listKind: TierList
- plural: tiers
- singular: tier
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: TierSpec contains the specification for a security policy
- tier resource.
- properties:
- defaultAction:
- description: |-
- DefaultAction specifies the action applied to workloads selected by a policy in the tier,
- but not rule matched the workload's traffic.
- [Default: Deny]
- enum:
- - Pass
- - Deny
- type: string
- order:
- description: |-
- Order is an optional field that specifies the order in which the tier is applied.
- Tiers with higher "order" are applied after those with lower order. If the order
- is omitted, it may be considered to be "infinite" - i.e. the tier will be applied
- last. Tiers with identical order will be applied in alphanumerical order based
- on the Tier "Name".
- type: number
- type: object
- type: object
- served: true
- storage: true
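Review bot: the `tiers.crd.projectcalico.org` definition removed just above goes to /dev/null with the rest of this file, and nothing in the visible lines shows what replaces it. This is the schema that restricts `defaultAction` to the enum Pass/Deny with a documented default of Deny. Please state in the change description which manifest or chart now installs the Tier, Calico policy and AdminNetworkPolicy CRDs, and confirm that the replacement still marks `v1` as `served: true` and `storage: true` so existing objects stay readable. If this manifest is applied by tooling that prunes objects no longer present in the source, removing a CRD also deletes every custom resource of that kind, which for these kinds means the tiers and network policies themselves. In that case, exclude the CRDs from pruning or migrate them before this lands.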
----
-# Source: crds/policy.networking.k8s.io_adminnetworkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/network-policy-api/pull/30
- policy.networking.k8s.io/bundle-version: v0.1.1
- policy.networking.k8s.io/channel: experimental
- creationTimestamp: null
- name: adminnetworkpolicies.policy.networking.k8s.io
-spec:
- group: policy.networking.k8s.io
- names:
- kind: AdminNetworkPolicy
- listKind: AdminNetworkPolicyList
- plural: adminnetworkpolicies
- shortNames:
- - anp
- singular: adminnetworkpolicy
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.priority
- name: Priority
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: |-
- AdminNetworkPolicy is a cluster level resource that is part of the
- AdminNetworkPolicy API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of the desired behavior of AdminNetworkPolicy.
- properties:
- egress:
- description: |-
- Egress is the list of Egress rules to be applied to the selected pods.
- A total of 100 rules will be allowed in each ANP instance.
- The relative precedence of egress rules within a single ANP object (all of
- which share the priority) will be determined by the order in which the rule
- is written. Thus, a rule that appears at the top of the egress rules
- would take the highest precedence.
- ANPs with no egress rules do not affect egress traffic.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyEgressRule describes an action to take on a particular
- set of traffic originating from pods selected by a AdminNetworkPolicy's
- Subject field.
- <network-policy-api:experimental:validation>
- properties:
- action:
- description: |-
- Action specifies the effect this rule will have on matching traffic.
- Currently the following actions are supported:
- Allow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)
- Deny: denies the selected traffic
- Pass: instructs the selected traffic to skip any remaining ANP rules, and
- then pass execution to any NetworkPolicies that select the pod.
- If the pod is not selected by any NetworkPolicies then execution
- is passed to any BaselineAdminNetworkPolicies that select the pod.
-
-
- Support: Core
- enum:
- - Allow
- - Deny
- - Pass
- type: string
- name:
- description: |-
- Name is an identifier for this rule, that may be no more than 100 characters
- in length. This field should be used by the implementation to help
- improve observability, readability and error-reporting for any applied
- AdminNetworkPolicies.
-
-
- Support: Core
- maxLength: 100
- type: string
- ports:
- description: |-
- Ports allows for matching traffic based on port and protocols.
- This field is a list of destination ports for the outgoing egress traffic.
- If Ports is not set then the rule does not filter traffic via port.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyPort describes how to select network ports on pod(s).
- Exactly one field must be set.
- maxProperties: 1
- minProperties: 1
- properties:
- namedPort:
- description: |-
- NamedPort selects a port on a pod(s) based on name.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- type: string
- portNumber:
- description: |-
- Port selects a port on a pod(s) based on number.
-
-
- Support: Core
- properties:
- port:
- description: |-
- Number defines a network port value.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- required:
- - port
- - protocol
- type: object
- portRange:
- description: |-
- PortRange selects a port range on a pod(s) based on provided start and end
- values.
-
-
- Support: Core
- properties:
- end:
- description: |-
- End defines a network port that is the end of a port range, the End value
- must be greater than Start.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- start:
- description: |-
- Start defines a network port that is the start of a port range, the Start
- value must be less than End.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- required:
- - end
- - start
- type: object
- type: object
- maxItems: 100
- type: array
- to:
- description: |-
- To is the List of destinations whose traffic this rule applies to.
- If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
- traffic then the specified action is applied.
- This field must be defined and contain at least one item.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.
- Exactly one of the selector pointers must be set for a given peer. If a
- consumer observes none of its fields are set, they must assume an unknown
- option has been specified and fail closed.
- maxProperties: 1
- minProperties: 1
- properties:
- namespaces:
- description: |-
- Namespaces defines a way to select all pods within a set of Namespaces.
- Note that host-networked pods are not included in this type of peer.
-
-
- Support: Core
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- networks:
- description: |-
- Networks defines a way to select peers via CIDR blocks.
- This is intended for representing entities that live outside the cluster,
- which can't be selected by pods, namespaces and nodes peers, but note
- that cluster-internal traffic will be checked against the rule as
- well. So if you Allow or Deny traffic to `"0.0.0.0/0"`, that will allow
- or deny all IPv4 pod-to-pod traffic as well. If you don't want that,
- add a rule that Passes all pod traffic before the Networks rule.
-
-
- Each item in Networks should be provided in the CIDR format and should be
- IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8".
-
-
- Networks can have upto 25 CIDRs specified.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- items:
- description: |-
- CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").
- This string must be validated by implementations using net.ParseCIDR
- TODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available.
- maxLength: 43
- type: string
- x-kubernetes-validations:
- - message: CIDR must be either an IPv4 or IPv6 address.
- IPv4 address embedded in IPv6 addresses are not
- supported
- rule: self.contains(':') != self.contains('.')
- maxItems: 25
- minItems: 1
- type: array
- x-kubernetes-list-type: set
- nodes:
- description: |-
- Nodes defines a way to select a set of nodes in
- the cluster. This field follows standard label selector
- semantics; if present but empty, it selects all Nodes.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- pods:
- description: |-
- Pods defines a way to select a set of pods in
- a set of namespaces. Note that host-networked pods
- are not included in this type of peer.
-
-
- Support: Core
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector follows standard label selector semantics; if empty,
- it selects all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- PodSelector is used to explicitly select pods within a namespace; if empty,
- it selects all Pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- required:
- - namespaceSelector
- - podSelector
- type: object
- type: object
- maxItems: 100
- minItems: 1
- type: array
- required:
- - action
- - to
- type: object
- x-kubernetes-validations:
- - message: networks/nodes peer cannot be set with namedPorts since
- there are no namedPorts for networks/nodes
- rule: '!(self.to.exists(peer, has(peer.networks) || has(peer.nodes))
- && has(self.ports) && self.ports.exists(port, has(port.namedPort)))'
- maxItems: 100
- type: array
- ingress:
- description: |-
- Ingress is the list of Ingress rules to be applied to the selected pods.
- A total of 100 rules will be allowed in each ANP instance.
- The relative precedence of ingress rules within a single ANP object (all of
- which share the priority) will be determined by the order in which the rule
- is written. Thus, a rule that appears at the top of the ingress rules
- would take the highest precedence.
- ANPs with no ingress rules do not affect ingress traffic.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyIngressRule describes an action to take on a particular
- set of traffic destined for pods selected by an AdminNetworkPolicy's
- Subject field.
- properties:
- action:
- description: |-
- Action specifies the effect this rule will have on matching traffic.
- Currently the following actions are supported:
- Allow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)
- Deny: denies the selected traffic
- Pass: instructs the selected traffic to skip any remaining ANP rules, and
- then pass execution to any NetworkPolicies that select the pod.
- If the pod is not selected by any NetworkPolicies then execution
- is passed to any BaselineAdminNetworkPolicies that select the pod.
-
-
- Support: Core
- enum:
- - Allow
- - Deny
- - Pass
- type: string
- from:
- description: |-
- From is the list of sources whose traffic this rule applies to.
- If any AdminNetworkPolicyIngressPeer matches the source of incoming
- traffic then the specified action is applied.
- This field must be defined and contain at least one item.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.
- Exactly one of the selector pointers must be set for a given peer. If a
- consumer observes none of its fields are set, they must assume an unknown
- option has been specified and fail closed.
- maxProperties: 1
- minProperties: 1
- properties:
- namespaces:
- description: |-
- Namespaces defines a way to select all pods within a set of Namespaces.
- Note that host-networked pods are not included in this type of peer.
-
-
- Support: Core
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- pods:
- description: |-
- Pods defines a way to select a set of pods in
- a set of namespaces. Note that host-networked pods
- are not included in this type of peer.
-
-
- Support: Core
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector follows standard label selector semantics; if empty,
- it selects all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- PodSelector is used to explicitly select pods within a namespace; if empty,
- it selects all Pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- required:
- - namespaceSelector
- - podSelector
- type: object
- type: object
- maxItems: 100
- minItems: 1
- type: array
- name:
- description: |-
- Name is an identifier for this rule, that may be no more than 100 characters
- in length. This field should be used by the implementation to help
- improve observability, readability and error-reporting for any applied
- AdminNetworkPolicies.
-
-
- Support: Core
- maxLength: 100
- type: string
- ports:
- description: |-
- Ports allows for matching traffic based on port and protocols.
- This field is a list of ports which should be matched on
- the pods selected for this policy i.e the subject of the policy.
- So it matches on the destination port for the ingress traffic.
- If Ports is not set then the rule does not filter traffic via port.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyPort describes how to select network ports on pod(s).
- Exactly one field must be set.
- maxProperties: 1
- minProperties: 1
- properties:
- namedPort:
- description: |-
- NamedPort selects a port on a pod(s) based on name.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- type: string
- portNumber:
- description: |-
- Port selects a port on a pod(s) based on number.
-
-
- Support: Core
- properties:
- port:
- description: |-
- Number defines a network port value.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- required:
- - port
- - protocol
- type: object
- portRange:
- description: |-
- PortRange selects a port range on a pod(s) based on provided start and end
- values.
-
-
- Support: Core
- properties:
- end:
- description: |-
- End defines a network port that is the end of a port range, the End value
- must be greater than Start.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- start:
- description: |-
- Start defines a network port that is the start of a port range, the Start
- value must be less than End.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- required:
- - end
- - start
- type: object
- type: object
- maxItems: 100
- type: array
- required:
- - action
- - from
- type: object
- maxItems: 100
- type: array
- priority:
- description: |-
- Priority is a value from 0 to 1000. Rules with lower priority values have
- higher precedence, and are checked before rules with higher priority values.
- All AdminNetworkPolicy rules have higher precedence than NetworkPolicy or
- BaselineAdminNetworkPolicy rules
- The behavior is undefined if two ANP objects have same priority.
-
-
- Support: Core
- format: int32
- maximum: 1000
- minimum: 0
- type: integer
- subject:
- description: |-
- Subject defines the pods to which this AdminNetworkPolicy applies.
- Note that host-networked pods are not included in subject selection.
-
-
- Support: Core
- maxProperties: 1
- minProperties: 1
- properties:
- namespaces:
- description: Namespaces is used to select pods via namespace selectors.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- pods:
- description: Pods is used to select pods via namespace AND pod
- selectors.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector follows standard label selector semantics; if empty,
- it selects all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- PodSelector is used to explicitly select pods within a namespace; if empty,
- it selects all Pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- required:
- - namespaceSelector
- - podSelector
- type: object
- type: object
- required:
- - priority
- - subject
- type: object
- status:
- description: Status is the status to be reported by the implementation.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource.\n---\nThis struct is intended for
- direct use as an array at the field path .status.conditions. For
- example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
- observations of a foo's current state.\n\t // Known .status.conditions.type
- are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
- +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
- \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- required:
- - conditions
- type: object
- required:
- - metadata
- - spec
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
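Review bot: the removal of the AdminNetworkPolicy definition that ends here (the version marked `served: true` and `storage: true`), together with the BaselineAdminNetworkPolicy definition that follows, needs a stated replacement source for these CRDs, because every line in this stretch is a removal and none is re-added. If the CRDs are dropped from a cluster rather than moved to another manifest, Kubernetes deletes every object of those kinds along with them, so admin-level `Deny` rules and the baseline rules that cover pods "not matched by any AdminNetworkPolicy or NetworkPolicy rules" would stop being enforced without any policy change appearing in review. Please name where these definitions are installed from after this change in the commit message, or document the upgrade step that keeps existing ANP and BANP objects in place.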
----
-# Source: crds/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/network-policy-api/pull/30
- policy.networking.k8s.io/bundle-version: v0.1.1
- policy.networking.k8s.io/channel: experimental
- creationTimestamp: null
- name: baselineadminnetworkpolicies.policy.networking.k8s.io
-spec:
- group: policy.networking.k8s.io
- names:
- kind: BaselineAdminNetworkPolicy
- listKind: BaselineAdminNetworkPolicyList
- plural: baselineadminnetworkpolicies
- shortNames:
- - banp
- singular: baselineadminnetworkpolicy
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: |-
- BaselineAdminNetworkPolicy is a cluster level resource that is part of the
- AdminNetworkPolicy API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of the desired behavior of BaselineAdminNetworkPolicy.
- properties:
- egress:
- description: |-
- Egress is the list of Egress rules to be applied to the selected pods if
- they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.
- A total of 100 Egress rules will be allowed in each BANP instance.
- The relative precedence of egress rules within a single BANP object
- will be determined by the order in which the rule is written.
- Thus, a rule that appears at the top of the egress rules
- would take the highest precedence.
- BANPs with no egress rules do not affect egress traffic.
-
-
- Support: Core
- items:
- description: |-
- BaselineAdminNetworkPolicyEgressRule describes an action to take on a particular
- set of traffic originating from pods selected by a BaselineAdminNetworkPolicy's
- Subject field.
- <network-policy-api:experimental:validation>
- properties:
- action:
- description: |-
- Action specifies the effect this rule will have on matching traffic.
- Currently the following actions are supported:
- Allow: allows the selected traffic
- Deny: denies the selected traffic
-
-
- Support: Core
- enum:
- - Allow
- - Deny
- type: string
- name:
- description: |-
- Name is an identifier for this rule, that may be no more than 100 characters
- in length. This field should be used by the implementation to help
- improve observability, readability and error-reporting for any applied
- BaselineAdminNetworkPolicies.
-
-
- Support: Core
- maxLength: 100
- type: string
- ports:
- description: |-
- Ports allows for matching traffic based on port and protocols.
- This field is a list of destination ports for the outgoing egress traffic.
- If Ports is not set then the rule does not filter traffic via port.
- items:
- description: |-
- AdminNetworkPolicyPort describes how to select network ports on pod(s).
- Exactly one field must be set.
- maxProperties: 1
- minProperties: 1
- properties:
- namedPort:
- description: |-
- NamedPort selects a port on a pod(s) based on name.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- type: string
- portNumber:
- description: |-
- Port selects a port on a pod(s) based on number.
-
-
- Support: Core
- properties:
- port:
- description: |-
- Number defines a network port value.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- required:
- - port
- - protocol
- type: object
- portRange:
- description: |-
- PortRange selects a port range on a pod(s) based on provided start and end
- values.
-
-
- Support: Core
- properties:
- end:
- description: |-
- End defines a network port that is the end of a port range, the End value
- must be greater than Start.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- start:
- description: |-
- Start defines a network port that is the start of a port range, the Start
- value must be less than End.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- required:
- - end
- - start
- type: object
- type: object
- maxItems: 100
- type: array
- to:
- description: |-
- To is the list of destinations whose traffic this rule applies to.
- If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
- traffic then the specified action is applied.
- This field must be defined and contain at least one item.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.
- Exactly one of the selector pointers must be set for a given peer. If a
- consumer observes none of its fields are set, they must assume an unknown
- option has been specified and fail closed.
- maxProperties: 1
- minProperties: 1
- properties:
- namespaces:
- description: |-
- Namespaces defines a way to select all pods within a set of Namespaces.
- Note that host-networked pods are not included in this type of peer.
-
-
- Support: Core
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- networks:
- description: |-
- Networks defines a way to select peers via CIDR blocks.
- This is intended for representing entities that live outside the cluster,
- which can't be selected by pods, namespaces and nodes peers, but note
- that cluster-internal traffic will be checked against the rule as
- well. So if you Allow or Deny traffic to `"0.0.0.0/0"`, that will allow
- or deny all IPv4 pod-to-pod traffic as well. If you don't want that,
- add a rule that Passes all pod traffic before the Networks rule.
-
-
- Each item in Networks should be provided in the CIDR format and should be
- IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8".
-
-
- Networks can have upto 25 CIDRs specified.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- items:
- description: |-
- CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").
- This string must be validated by implementations using net.ParseCIDR
- TODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available.
- maxLength: 43
- type: string
- x-kubernetes-validations:
- - message: CIDR must be either an IPv4 or IPv6 address.
- IPv4 address embedded in IPv6 addresses are not
- supported
- rule: self.contains(':') != self.contains('.')
- maxItems: 25
- minItems: 1
- type: array
- x-kubernetes-list-type: set
- nodes:
- description: |-
- Nodes defines a way to select a set of nodes in
- the cluster. This field follows standard label selector
- semantics; if present but empty, it selects all Nodes.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- pods:
- description: |-
- Pods defines a way to select a set of pods in
- a set of namespaces. Note that host-networked pods
- are not included in this type of peer.
-
-
- Support: Core
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector follows standard label selector semantics; if empty,
- it selects all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- PodSelector is used to explicitly select pods within a namespace; if empty,
- it selects all Pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- required:
- - namespaceSelector
- - podSelector
- type: object
- type: object
- maxItems: 100
- minItems: 1
- type: array
- required:
- - action
- - to
- type: object
- x-kubernetes-validations:
- - message: networks/nodes peer cannot be set with namedPorts since
- there are no namedPorts for networks/nodes
- rule: '!(self.to.exists(peer, has(peer.networks) || has(peer.nodes))
- && has(self.ports) && self.ports.exists(port, has(port.namedPort)))'
- maxItems: 100
- type: array
- ingress:
- description: |-
- Ingress is the list of Ingress rules to be applied to the selected pods
- if they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.
- A total of 100 Ingress rules will be allowed in each BANP instance.
- The relative precedence of ingress rules within a single BANP object
- will be determined by the order in which the rule is written.
- Thus, a rule that appears at the top of the ingress rules
- would take the highest precedence.
- BANPs with no ingress rules do not affect ingress traffic.
-
-
- Support: Core
- items:
- description: |-
- BaselineAdminNetworkPolicyIngressRule describes an action to take on a particular
- set of traffic destined for pods selected by a BaselineAdminNetworkPolicy's
- Subject field.
- properties:
- action:
- description: |-
- Action specifies the effect this rule will have on matching traffic.
- Currently the following actions are supported:
- Allow: allows the selected traffic
- Deny: denies the selected traffic
-
-
- Support: Core
- enum:
- - Allow
- - Deny
- type: string
- from:
- description: |-
- From is the list of sources whose traffic this rule applies to.
- If any AdminNetworkPolicyIngressPeer matches the source of incoming
- traffic then the specified action is applied.
- This field must be defined and contain at least one item.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.
- Exactly one of the selector pointers must be set for a given peer. If a
- consumer observes none of its fields are set, they must assume an unknown
- option has been specified and fail closed.
- maxProperties: 1
- minProperties: 1
- properties:
- namespaces:
- description: |-
- Namespaces defines a way to select all pods within a set of Namespaces.
- Note that host-networked pods are not included in this type of peer.
-
-
- Support: Core
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- pods:
- description: |-
- Pods defines a way to select a set of pods in
- a set of namespaces. Note that host-networked pods
- are not included in this type of peer.
-
-
- Support: Core
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector follows standard label selector semantics; if empty,
- it selects all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- PodSelector is used to explicitly select pods within a namespace; if empty,
- it selects all Pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- required:
- - namespaceSelector
- - podSelector
- type: object
- type: object
- maxItems: 100
- minItems: 1
- type: array
- name:
- description: |-
- Name is an identifier for this rule, that may be no more than 100 characters
- in length. This field should be used by the implementation to help
- improve observability, readability and error-reporting for any applied
- BaselineAdminNetworkPolicies.
-
-
- Support: Core
- maxLength: 100
- type: string
- ports:
- description: |-
- Ports allows for matching traffic based on port and protocols.
- This field is a list of ports which should be matched on
- the pods selected for this policy i.e the subject of the policy.
- So it matches on the destination port for the ingress traffic.
- If Ports is not set then the rule does not filter traffic via port.
-
-
- Support: Core
- items:
- description: |-
- AdminNetworkPolicyPort describes how to select network ports on pod(s).
- Exactly one field must be set.
- maxProperties: 1
- minProperties: 1
- properties:
- namedPort:
- description: |-
- NamedPort selects a port on a pod(s) based on name.
-
-
- Support: Extended
-
-
- <network-policy-api:experimental>
- type: string
- portNumber:
- description: |-
- Port selects a port on a pod(s) based on number.
-
-
- Support: Core
- properties:
- port:
- description: |-
- Number defines a network port value.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- required:
- - port
- - protocol
- type: object
- portRange:
- description: |-
- PortRange selects a port range on a pod(s) based on provided start and end
- values.
-
-
- Support: Core
- properties:
- end:
- description: |-
- End defines a network port that is the end of a port range, the End value
- must be greater than Start.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- default: TCP
- description: |-
- Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
- match. If not specified, this field defaults to TCP.
-
-
- Support: Core
- type: string
- start:
- description: |-
- Start defines a network port that is the start of a port range, the Start
- value must be less than End.
-
-
- Support: Core
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- required:
- - end
- - start
- type: object
- type: object
- maxItems: 100
- type: array
- required:
- - action
- - from
- type: object
- maxItems: 100
- type: array
- subject:
- description: |-
- Subject defines the pods to which this BaselineAdminNetworkPolicy applies.
- Note that host-networked pods are not included in subject selection.
-
-
- Support: Core
- maxProperties: 1
- minProperties: 1
- properties:
- namespaces:
- description: Namespaces is used to select pods via namespace selectors.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- pods:
- description: Pods is used to select pods via namespace AND pod
- selectors.
- properties:
- namespaceSelector:
- description: |-
- NamespaceSelector follows standard label selector semantics; if empty,
- it selects all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- podSelector:
- description: |-
- PodSelector is used to explicitly select pods within a namespace; if empty,
- it selects all Pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- required:
- - namespaceSelector
- - podSelector
- type: object
- type: object
- required:
- - subject
- type: object
- status:
- description: Status is the status to be reported by the implementation.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource.\n---\nThis struct is intended for
- direct use as an array at the field path .status.conditions. For
- example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
- observations of a foo's current state.\n\t // Known .status.conditions.type
- are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
- +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
- \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- required:
- - conditions
- type: object
- required:
- - metadata
- - spec
- type: object
- x-kubernetes-validations:
- - message: Only one baseline admin network policy with metadata.name="default"
- can be created in the cluster
- rule: self.metadata.name == 'default'
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
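Review bot: The tail of this deletion removes the BaselineAdminNetworkPolicy schema version marked `served: true` and `storage: true`, together with its `x-kubernetes-validations` rule `self.metadata.name == 'default'`, and nothing in the visible lines says where that definition is installed from after the change. Please name the manifest or chart that now ships this CRD in the commit message, and confirm the replacement keeps the singleton-name rule, the `maxItems: 100` limits and the port bounds (`minimum: 1`, `maximum: 65535`). If an upgrade path ends up deleting the CRD from a running cluster rather than just moving its source, Kubernetes removes the stored objects of that kind with it, so an existing `default` baseline policy would silently stop applying; an upgrade note or a pre-flight check for that case would be worth adding.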