From 18399a9ff523c4cc0f4ca8b73d90c5211746746d Mon Sep 17 00:00:00 2001
From: Nirmal Vadakke Palangatt
Date: Wed, 26 Apr 2023 16:53:20 +0200
Subject: [PATCH 01/27] feat: Add AWSAZChaos
Co-authored-by: Georgios Koutsoumpakis
---
api/v1alpha1/awsazchaos_types.go | 73 +++
.../chaosimpl/awsazchaos/awsdrclient/model.go | 9 +
.../chaosimpl/awsazchaos/awsdrclient/stack.go | 427 ++++++++++++++++++
.../awsazchaos/ctxutil/context_keys.go | 18 +
controllers/chaosimpl/awsazchaos/impl.go | 112 +++++
.../chaosimpl/awsazchaos/subnetloss/loss.go | 120 +++++
controllers/chaosimpl/fx.go | 3 +-
controllers/types/types.go | 7 +
pkg/selector/awsaz/selector.go | 17 +
pkg/selector/selector.go | 3 +
10 files changed, 788 insertions(+), 1 deletion(-)
create mode 100644 api/v1alpha1/awsazchaos_types.go
create mode 100644 controllers/chaosimpl/awsazchaos/awsdrclient/model.go
create mode 100644 controllers/chaosimpl/awsazchaos/awsdrclient/stack.go
create mode 100644 controllers/chaosimpl/awsazchaos/ctxutil/context_keys.go
create mode 100644 controllers/chaosimpl/awsazchaos/impl.go
create mode 100644 controllers/chaosimpl/awsazchaos/subnetloss/loss.go
create mode 100644 pkg/selector/awsaz/selector.go
diff --git a/api/v1alpha1/awsazchaos_types.go b/api/v1alpha1/awsazchaos_types.go
new file mode 100644
index 0000000000..7b6da6da01
--- /dev/null
+++ b/api/v1alpha1/awsazchaos_types.go
@@ -0,0 +1,73 @@
+package v1alpha1
+
+import (
+ "encoding/json"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="duration",type=string,JSONPath=`.spec.duration`
+// +chaos-mesh:experiment
+
+// AWSAzChaos is the Schema for the helloworldchaos API
+type AWSAzChaos struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec AWSAzChaosSpec `json:"spec"`
+ Status AWSAzChaosStatus `json:"status,omitempty"`
+}
+
+var _ InnerObjectWithCustomStatus = (*AWSAzChaos)(nil)
+var _ InnerObjectWithSelector = (*AWSAzChaos)(nil)
+var _ InnerObject = (*AWSAzChaos)(nil)
+
+// AWSAzChaosSpec is the content of the specification for a HelloWorldChaos
+type AWSAzChaosSpec struct {
+ // ContainerSelector specifies target
+ AWSAZSelector `json:",inline"`
+
+ // Duration represents the duration of the chaos action
+ // +optional
+ Duration *string `json:"duration,omitempty"`
+
+ RemoteCluster string `json:"remoteCluster,omitempty"`
+}
+
+// AWSAzChaosStatus represents the status of a HelloWorldChaos
+type AWSAzChaosStatus struct {
+ ChaosStatus `json:",inline"`
+ // SubnetToACL represents the connection between a subnet and its Network ACL
+ SubnetToACL map[string]string `json:"subnetToACL,omitempty"`
+}
+
+type AWSAZSelector struct {
+ // TODO: it would be better to split them into multiple different selector and implementation
+ // but to keep the minimal modification on current implementation, it hasn't been splited.
+
+ // AWSRegion defines the region of aws.
+ Stack string `json:"stack"`
+
+ // Ec2Instance indicates the ID of the ec2 instance.
+ AZ string `json:"az"`
+}
+
+// GetSelectorSpecs is a getter for selectors
+func (obj *AWSAzChaos) GetSelectorSpecs() map[string]interface{} {
+ return map[string]interface{}{
+ ".": &obj.Spec.AWSAZSelector,
+ }
+}
+
+func (obj *AWSAZSelector) Id() string {
+ // TODO: handle the error here
+ // or ignore it is enough ?
+ json, _ := json.Marshal(obj)
+
+ return string(json)
+}
+
+func (obj *AWSAzChaos) GetCustomStatus() interface{} {
+ return &obj.Status.SubnetToACL
+}
diff --git a/controllers/chaosimpl/awsazchaos/awsdrclient/model.go b/controllers/chaosimpl/awsazchaos/awsdrclient/model.go
new file mode 100644
index 0000000000..3f74d31227
--- /dev/null
+++ b/controllers/chaosimpl/awsazchaos/awsdrclient/model.go
@@ -0,0 +1,9 @@
+package awsdrclient
+
+type AutoScalingGroupState struct {
+ AutoScalingGroupName string
+ AvailabilityZones []string
+ DesiredCapacity int32
+ MaxSize int32
+ MinSize int32
+}
diff --git a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go
new file mode 100644
index 0000000000..c8f14263ad
--- /dev/null
+++ b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go
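Review bot: In api/v1alpha1/awsazchaos_types.go, `AWSAZSelector.Stack` and `AZ` carry no validation markers, although (judging from the other files in this patch) `Stack` becomes the `tag:Stack` filter that decides which VPC's network ACLs get swapped. Adding `// +kubebuilder:validation:MinLength=1` above `Stack` would reject an empty value at admission. The comments are also left over from other types ("helloworldchaos", `ContainerSelector specifies target`, `AWSRegion defines the region of aws.`, `Ec2Instance indicates the ID of the ec2 instance.`); they should describe the fields, e.g. `// Stack is the value of the "Stack" tag that scopes the AWS resources this experiment may touch.` and `// AZ is the availability zone to affect.`. `Id()` still discards the `json.Marshal` error that its own TODO flags.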
@@ -0,0 +1,427 @@
+package awsdrclient
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/service/autoscaling"
+ autoscalingTypes "github.com/aws/aws-sdk-go-v2/service/autoscaling/types"
+ "github.com/aws/aws-sdk-go-v2/service/ec2"
+ ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+ "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos/ctxutil"
+ "github.com/go-logr/logr"
+)
+
+func NewPtr[T any](val T) *T {
+ return &val
+}
+
+type StackScopedDRClient struct {
+ stack string
+
+ ec2StackFilters []ec2types.Filter
+ ec2Client *ec2.Client
+ autoscalingStackFilters []autoscalingTypes.Filter
+ autoscalingClient *autoscaling.Client
+ dryRun bool
+ log logr.Logger
+}
+
+type StackScopedDRClientOptions struct {
+ DryRun bool
+}
+
+func New(stack string, log logr.Logger, options ...StackScopedDRClientOptions) (*StackScopedDRClient, error) {
+ if len(options) > 1 {
+ return nil, fmt.Errorf("merging of StackScopedDRClientOptions is not supported, specify at most one options struct")
+ }
+
+ sess, err := config.LoadDefaultConfig(context.Background())
+ if err != nil {
+ return nil, err
+ }
+
+ ec2Client := ec2.NewFromConfig(sess)
+ autoscalingClient := autoscaling.NewFromConfig(sess)
+
+ dryRun := len(options) == 1 && options[0].DryRun
+
+ return &StackScopedDRClient{
+ stack: stack,
+ ec2StackFilters: []ec2types.Filter{{
+ Name: NewPtr("tag:Stack"),
+ Values: []string{stack},
+ }},
+ autoscalingStackFilters: []autoscalingTypes.Filter{{
+ Name: NewPtr("tag:Stack"),
+ Values: []string{stack},
+ }},
+ ec2Client: ec2Client,
+ autoscalingClient: autoscalingClient,
+ dryRun: dryRun,
+ log: log,
+ }, nil
+}
+
+func (a *StackScopedDRClient) DescribeMainVPC(ctx context.Context) (ec2types.Vpc, error) {
+ vpcs, err := a.ec2Client.DescribeVpcs(ctx, &ec2.DescribeVpcsInput{
+ Filters: append([]ec2types.Filter{
+ {
+ //main vpc has Name=${stack}
+ Name: NewPtr("tag:Name"),
+ Values: []string{a.stack},
+ },
+ }, a.ec2StackFilters...),
+ MaxResults: int32(1000),
+ })
+
+ if err != nil {
+ return ec2types.Vpc{}, err
+ }
+
+ if len(vpcs.Vpcs) != 1 {
+ return ec2types.Vpc{}, fmt.Errorf("got %d VPCs for stack %s, expected 1", len(vpcs.Vpcs), a.stack)
+ }
+
+ return vpcs.Vpcs[0], nil
+}
+
+func (a *StackScopedDRClient) DescribeSubnets(ctx context.Context, vpcId string) ([]ec2types.Subnet, error) {
+ subnets, err := a.ec2Client.DescribeSubnets(ctx, &ec2.DescribeSubnetsInput{
+ Filters: append([]ec2types.Filter{
+ {
+ Name: NewPtr("vpc-id"),
+ Values: []string{vpcId},
+ },
+ }, a.ec2StackFilters...),
+ MaxResults: int32(1000),
+ })
+
+ if err != nil {
+ return nil, err
+ }
+ return subnets.Subnets, nil
+}
+
+func (a *StackScopedDRClient) tagsForDRResources(simulationId string, resourceType ec2types.ResourceType) []ec2types.TagSpecification {
+ return []ec2types.TagSpecification{
+ {
+ ResourceType: resourceType,
+ Tags: []ec2types.Tag{
+ {
+ Key: NewPtr("Stack"),
+ Value: &a.stack,
+ },
+ {
+ Key: NewPtr("DisasterRecoveryResource"),
+ Value: NewPtr("true"),
+ },
+ {
+ Key: NewPtr("DisasterRecoverySimulationId"),
+ Value: NewPtr(simulationId),
+ },
+ },
+ },
+ }
+}
+
+func isSubnetIdInSubnetsAssociations(subnetId string, subnetAssociations []ec2types.NetworkAclAssociation) bool {
+ for _, assoc := range subnetAssociations {
+ if *assoc.SubnetId == subnetId {
+ return true
+ }
+ }
+ return false
+}
+
+func (a *StackScopedDRClient) DescribeNetworkAclsForStackSubnets(ctx context.Context) (map[string]string, error) {
+ vpc, err := a.DescribeMainVPC(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ subnets, err := a.DescribeSubnets(ctx, *vpc.VpcId)
+ if err != nil {
+ return nil, err
+ }
+
+ networkAcls, err := a.ec2Client.DescribeNetworkAcls(ctx, &ec2.DescribeNetworkAclsInput{
+ DryRun: false,
+ Filters: []ec2types.Filter{
+ {
+ Name: NewPtr("vpc-id"),
+ Values: []string{*vpc.VpcId},
+ },
+ },
+ MaxResults: int32(1000),
+ })
+ if err != nil {
+ return nil, fmt.Errorf("failed to describe network ACLs for ")
+ }
+
+ subnetToACL := make(map[string]string)
+
+ // check if all subnets have a corresponding network Acl
+ for _, subnet := range subnets {
+ aclID := a.getACLAssociatedToSubnet(subnet, networkAcls.NetworkAcls)
+ if aclID == "" {
+ return nil, fmt.Errorf("subnet %s does not have a corresponding ACL", *subnet.SubnetId)
+ }
+ subnetToACL[*subnet.SubnetId] = aclID
+ }
+
+ return subnetToACL, nil
+}
+
+func (a *StackScopedDRClient) getACLAssociatedToSubnet(subnet ec2types.Subnet, acls []ec2types.NetworkAcl) string {
+ for _, networkAcl := range acls {
+ if isSubnetIdInSubnetsAssociations(*subnet.SubnetId, networkAcl.Associations) {
+ a.log.Info(fmt.Sprintf("subnet %s corresponds to network acl %s", *subnet.SubnetId, *networkAcl.NetworkAclId))
+ return *networkAcl.NetworkAclId
+ }
+ }
+ return ""
+}
+
+func (a *StackScopedDRClient) deleteAssociatedNetworkAclEntries(ctx context.Context, entry AssociatedNetworkAclEntry) error {
+ _, err := a.ec2Client.DeleteNetworkAclEntry(ctx, &ec2.DeleteNetworkAclEntryInput{
+ Egress: entry.Egress,
+ NetworkAclId: &entry.NetworkAclId,
+ RuleNumber: entry.RuleNumber,
+ DryRun: a.dryRun,
+ })
+ if err != nil {
+
+ return fmt.Errorf("error deleting DR network entry %v, cause: %w", entry, err)
+ }
+ a.log.Info(fmt.Sprintf("deleted network acl entry %+v", entry))
+ return nil
+}
+
+type AssociatedNetworkAclEntry struct {
+ Egress bool
+ NetworkAclId string
+ RuleNumber int32
+}
+
+func (a *StackScopedDRClient) DeleteNetworkAclEntries(ctx context.Context, entries []AssociatedNetworkAclEntry) error {
+ var entriesThatWereNotDeleted []AssociatedNetworkAclEntry
+ var errors []error
+
+ for _, entry := range entries {
+ if err := a.deleteAssociatedNetworkAclEntries(ctx, entry); err != nil {
+ entriesThatWereNotDeleted = append(entriesThatWereNotDeleted, entry)
+ errors = append(errors, err)
+ a.log.Error(err, fmt.Sprintf("deleting network acl %v failed", entry))
+ }
+ }
+
+ if len(errors) != 0 {
+ return fmt.Errorf("error clearing DR network ACL entries. "+
+ "The following entries have not been deleted, please do it manually: %v. Errors: %v", entriesThatWereNotDeleted, errors)
+ }
+
+ return nil
+}
+
+// CreateOrGetEmptyNetworkAcl creates a new Network ACL without only the default "deny-all"
+// rules in the given VPC. It returns the ID of the Network ACL created.
+func (a *StackScopedDRClient) CreateOrGetEmptyNetworkAcl(ctx context.Context, vpcId *string, curb bool) (networkAclId string, err error) {
+ exisitngEmptyNetworkACL, err := a.GetEmptyNetworkACL(ctx, vpcId)
+ if err != nil {
+ return "", err
+ }
+
+ if exisitngEmptyNetworkACL != "" {
+ return exisitngEmptyNetworkACL, nil
+ }
+
+ acl, err := a.ec2Client.CreateNetworkAcl(ctx, &ec2.CreateNetworkAclInput{
+ VpcId: vpcId,
+ DryRun: a.dryRun,
+ TagSpecifications: a.tagsForDRResources(ctx.Value(ctxutil.CtxKeySimulationId).(string), ec2types.ResourceTypeNetworkAcl),
+ })
+ if err != nil {
+ return "", fmt.Errorf("error creating Network Acl: %w", err)
+ }
+
+ a.log.Info(fmt.Sprintf("created empty Network ACL: %s", *acl.NetworkAcl.NetworkAclId))
+ if curb {
+ a.log.Info(fmt.Sprintf("scenario curbed; adding allow-all entries to ACL"))
+ for _, isEgress := range []bool{true, false} {
+ egress := isEgress
+ _, err := a.ec2Client.CreateNetworkAclEntry(ctx, &ec2.CreateNetworkAclEntryInput{
+ Egress: egress,
+ NetworkAclId: acl.NetworkAcl.NetworkAclId,
+ Protocol: NewPtr("-1"),
+ RuleAction: ec2types.RuleActionAllow,
+ RuleNumber: int32(100),
+ CidrBlock: NewPtr("0.0.0.0/0"),
+ })
+ if err != nil {
+ return "", fmt.Errorf("error creating entries in ACL: %w", err)
+ }
+ }
+ }
+
+ return *acl.NetworkAcl.NetworkAclId, nil
+}
+
+func (a *StackScopedDRClient) GetEmptyNetworkACL(ctx context.Context, vpcId *string) (string, error) {
+ existingEmptyNetworkAcl, err := a.ec2Client.DescribeNetworkAcls(ctx, &ec2.DescribeNetworkAclsInput{
+ DryRun: false,
+ Filters: []ec2types.Filter{
+ {
+ Name: NewPtr("vpc-id"),
+ Values: []string{*vpcId},
+ },
+ {
+ Name: NewPtr("tag:DisasterRecoveryResource"),
+ Values: []string{"true"},
+ },
+ },
+ MaxResults: int32(1),
+ })
+ if err != nil {
+ return "", err
+ }
+ if len(existingEmptyNetworkAcl.NetworkAcls) == 0 {
+ return "", nil
+ }
+ return *existingEmptyNetworkAcl.NetworkAcls[0].NetworkAclId, nil
+}
+
+// DeleteNetworkAcl deletes a Network ACL.
+func (a *StackScopedDRClient) DeleteNetworkAcl(ctx context.Context, networkAclId string) error {
+ _, err := a.ec2Client.DeleteNetworkAcl(ctx, &ec2.DeleteNetworkAclInput{
+ NetworkAclId: NewPtr(networkAclId),
+ DryRun: a.dryRun,
+ })
+ if err != nil {
+ return fmt.Errorf("error deleting Network Acl: %w", err)
+ }
+
+ a.log.Info(fmt.Sprintf("deleted Network ACL: %s", networkAclId))
+ return nil
+}
+
+type NetworkAclAssociation struct {
+ AclAssociationId string
+ AclId string
+}
+
+func (a *StackScopedDRClient) ReplaceNetworkAclForSubnet(ctx context.Context, subnetId string, newNetworkAclId string) (err error) {
+
+ a.log.Info(fmt.Sprintf("replacing Network ACL for subnet (%s) with new acl ID: %s", subnetId, newNetworkAclId))
+
+ acls, err := a.ec2Client.DescribeNetworkAcls(ctx, &ec2.DescribeNetworkAclsInput{
+ DryRun: false,
+ Filters: []ec2types.Filter{
+ {
+ Name: NewPtr("association.subnet-id"),
+ Values: []string{
+ subnetId,
+ },
+ },
+ },
+ MaxResults: int32(1000),
+ })
+ if err != nil {
+ return err
+ }
+ if len(acls.NetworkAcls) != 1 {
+ return fmt.Errorf("expected a single Network ACL association for subnet (%s), got %d", subnetId, len(acls.NetworkAcls))
+ }
+
+ aclIdBeforeReplace := *acls.NetworkAcls[0].NetworkAclId // Undo needs to restore old ACL
+ if aclIdBeforeReplace == newNetworkAclId {
+ a.log.Info(fmt.Sprintf("not replacing Network ACL for subnet (%s) which is already attached to the desired aclID (%s)",
+ subnetId, newNetworkAclId))
+ return nil
+ }
+
+ var associationIdToReplace *string
+ for _, a := range acls.NetworkAcls[0].Associations {
+ if *a.SubnetId == subnetId {
+ associationIdToReplace = a.NetworkAclAssociationId
+ break
+ }
+ }
+ if associationIdToReplace == nil {
+ return fmt.Errorf("couldn't find associationId for subnet (%s) and ACL (%s)", subnetId, *acls.NetworkAcls[0].NetworkAclId)
+ }
+
+ newNetworkAssociationId, err := a.ReplaceNetworkAcl(ctx, *associationIdToReplace, newNetworkAclId)
+ if err != nil {
+ return fmt.Errorf("unable to replace network ACL for subnet (%s): %w", subnetId, err)
+ }
+ a.log.Info(fmt.Sprintf("replaced Network ACL for subnet (%s) having AclId (%s) and AclAssociationId (%s) with new NetworkAclId (%s) and new AclAssociationId(%s)",
+ subnetId, aclIdBeforeReplace, *associationIdToReplace, newNetworkAclId, newNetworkAssociationId))
+ return nil
+}
+
+func (a *StackScopedDRClient) ReplaceNetworkAcl(ctx context.Context, networkAssociationId, networkAclId string) (newNetworkAssociationId string, err error) {
+ a.log.Info(fmt.Sprintf("replacing Network ACL for association (%s) with: %s", networkAssociationId, networkAclId))
+ newAssociation, err := a.ec2Client.ReplaceNetworkAclAssociation(ctx, &ec2.ReplaceNetworkAclAssociationInput{
+ AssociationId: NewPtr(networkAssociationId),
+ NetworkAclId: NewPtr(networkAclId),
+ DryRun: a.dryRun,
+ })
+ if err != nil {
+ return "", err
+ }
+
+ return *newAssociation.NewAssociationId, nil
+}
+
+/*func (a *StackScopedDRClient) DescribeAutoscalingGroups(ctx context.Context) ([]*AutoScalingGroupState, error) {
+ asgs, err := a.autoscalingClient.DescribeAutoScalingGroups(ctx, &autoscaling.DescribeAutoScalingGroupsInput{
+ Filters: append([]autoscalingTypes.Filter{
+ {
+ Name: NewPtr("tag:Cluster"),
+ Values: []string{fmt.Sprintf("%s-eks-general-blue-01", a.stack)},
+ },
+ }, a.autoscalingStackFilters...),
+ MaxRecords: NewPtr(int32(100)),
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ results := make([]*AutoScalingGroupState, len(asgs.AutoScalingGroups))
+ for i, asg := range asgs.AutoScalingGroups {
+ results[i] = &AutoScalingGroupState{
+ AutoScalingGroupName: *asg.AutoScalingGroupName,
+ AvailabilityZones: asg.AvailabilityZones,
+ DesiredCapacity: *asg.DesiredCapacity,
+ MaxSize: *asg.MaxSize,
+ MinSize: *asg.MinSize,
+ }
+ }
+
+ return results, nil
+}*/
+
+/*func (a *StackScopedDRClient) ScaleAutoscalingGroups(ctx context.Context, desiredStates []*AutoScalingGroupState) error {
+ _, errors := parallel.ExecuteInParallel(desiredStates, func(group *AutoScalingGroupState) (interface{}, error) {
+ log.Infof("scaling Auto Scaling Group %s to min %d, desired %d, max %d)",
+ group.AutoScalingGroupName, group.MinSize, group.DesiredCapacity, group.MaxSize)
+ _, err := a.autoscalingClient.UpdateAutoScalingGroup(ctx, &autoscaling.UpdateAutoScalingGroupInput{
+ AutoScalingGroupName: &group.AutoScalingGroupName,
+ DesiredCapacity: &group.DesiredCapacity,
+ MaxSize: &group.MaxSize,
+ MinSize: &group.MinSize,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("error scaling Auto Scaling Group: %w", err)
+ }
+ return nil, nil
+ })
+
+ if len(errors) != 0 {
+ return fmt.Errorf("error(s) during scaling Auto Scaling Groups: %v", errors)
+ }
+
+ return nil
+}*/
diff --git a/controllers/chaosimpl/awsazchaos/ctxutil/context_keys.go b/controllers/chaosimpl/awsazchaos/ctxutil/context_keys.go
new file mode 100644
index 0000000000..04ddba2d62
--- /dev/null
+++ b/controllers/chaosimpl/awsazchaos/ctxutil/context_keys.go
@@ -0,0 +1,18 @@
+package ctxutil
+
+import "context"
+
+type ctxKey string
+
+const (
+ CtxKeySimulationId ctxKey = "simulationId"
+ CtxKeyCurbFlag ctxKey = "curbFlag"
+)
+
+func GetOptionalBool(ctx context.Context, key ctxKey) bool {
+ val := ctx.Value(key)
+ if b, _ := val.(bool); b {
+ return true
+ }
+ return false
+}
diff --git a/controllers/chaosimpl/awsazchaos/impl.go b/controllers/chaosimpl/awsazchaos/impl.go
new file mode 100644
index 0000000000..dfe7544aac
--- /dev/null
+++ b/controllers/chaosimpl/awsazchaos/impl.go
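Review bot: In awsdrclient/stack.go, `GetEmptyNetworkACL` finds the ACL to reuse (and, through `Stop`, to delete) by `vpc-id` and `tag:DisasterRecoveryResource` only, so it can return an ACL tagged for a different stack or simulation in the same VPC, and nothing checks that the ACL it returns has no allow entries. Scope the lookup like `DescribeMainVPC` and `DescribeSubnets` do by appending `a.ec2StackFilters...` to its `Filters`, and consider a `tag:DisasterRecoverySimulationId` filter as well; `MaxResults: int32(1)` also looks lower than the minimum the EC2 API documents for this call, which is worth confirming. In `DescribeNetworkAclsForStackSubnets` the `DescribeNetworkAcls` error is discarded and the message is cut short; `return nil, fmt.Errorf("failed to describe network ACLs for VPC %s: %w", *vpc.VpcId, err)` keeps the cause. `ctx.Value(ctxutil.CtxKeySimulationId).(string)` in `CreateOrGetEmptyNetworkAcl` panics when the key is absent, so use the two-value assertion and return an error. The `CreateNetworkAclEntry` call in the `curb` branch is the only mutating call that does not pass `DryRun: a.dryRun`.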
@@ -0,0 +1,112 @@
+package awsazchaos
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/chaos-mesh/chaos-mesh/api/v1alpha1"
+ "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos/ctxutil"
+ "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos/subnetloss"
+ impltypes "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/types"
+ "github.com/go-logr/logr"
+ "go.uber.org/fx"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type Impl struct {
+ client.Client
+ Log logr.Logger
+}
+
+const (
+ waitForApplySync v1alpha1.Phase = "Not Injected/Wait"
+)
+
+// Apply applies KernelChaos
+func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Record, obj v1alpha1.InnerObject) (v1alpha1.Phase, error) {
+ impl.Log.Info("Apply awsazchaos chaos")
+
+ awsAZChaos := obj.(*v1alpha1.AWSAzChaos)
+ ctx = context.WithValue(ctx, ctxutil.CtxKeySimulationId, awsAZChaos.Name)
+
+ var selected v1alpha1.AWSAZSelector
+ record := records[index]
+ err := json.Unmarshal([]byte(record.Id), &selected)
+ if err != nil {
+ impl.Log.Error(err, "fail to unmarshal the selector")
+ return v1alpha1.NotInjected, err
+ }
+
+ azLoss, err := subnetloss.NewAWSAzLoss(ctx, selected.Stack, selected.AZ, impl.Log)
+ if err != nil {
+ impl.Log.Error(err, "fail to create NewAWSAzLoss")
+ return v1alpha1.NotInjected, err
+ }
+
+ phase := record.Phase
+ if phase == waitForApplySync {
+ impl.Log.Info(fmt.Sprintf("Applying awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AZ))
+ err := azLoss.Start(ctx, awsAZChaos.Status.SubnetToACL)
+ if err != nil {
+ impl.Log.Error(err, "fail to start NewAWSAzLoss")
+ return waitForApplySync, err
+ }
+ return v1alpha1.Injected, nil
+ }
+
+ subnetToACL, err := azLoss.GetSubnetToACL(ctx)
+ if err != nil {
+ impl.Log.Error(err, "fail to get initial state")
+ return v1alpha1.NotInjected, err
+ }
+ awsAZChaos.Status.SubnetToACL = subnetToACL
+ return waitForApplySync, nil
+}
+
+// Recover means the reconciler recovers the chaos action
+func (impl *Impl) Recover(ctx context.Context, index int, records []*v1alpha1.Record, obj v1alpha1.InnerObject) (v1alpha1.Phase, error) {
+ impl.Log.Info("Recover awsazchaos chaos")
+
+ awsAZChaos := obj.(*v1alpha1.AWSAzChaos)
+ ctx = context.WithValue(ctx, ctxutil.CtxKeySimulationId, awsAZChaos.Name)
+
+ var selected v1alpha1.AWSAZSelector
+ err := json.Unmarshal([]byte(records[index].Id), &selected)
+ if err != nil {
+ impl.Log.Error(err, "fail to unmarshal the selector")
+ return v1alpha1.Injected, err
+ }
+
+ azLoss, err := subnetloss.NewAWSAzLoss(ctx, selected.Stack, selected.AZ, impl.Log)
+ if err != nil {
+ impl.Log.Error(err, "fail to create NewAWSAzLoss")
+ return v1alpha1.Injected, err
+ }
+ impl.Log.Info(fmt.Sprintf("Recovering awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AZ))
+ err = azLoss.Stop(ctx, awsAZChaos.Status.SubnetToACL)
+ if err != nil {
+ impl.Log.Error(err, fmt.Sprintf("failed to recover awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AZ))
+ return v1alpha1.Injected, err
+ }
+ return v1alpha1.NotInjected, nil
+}
+
+func NewImpl(c client.Client, log logr.Logger) *impltypes.ChaosImplPair {
+ return &impltypes.ChaosImplPair{
+ Name: "awsazchaos",
+ Object: &v1alpha1.AWSAzChaos{},
+ Impl: &Impl{
+ Client: c,
+ Log: log.WithName("awsazchaos"),
+ },
+ ObjectList: &v1alpha1.AWSAzChaosList{},
+ }
+}
+
+var Module = fx.Provide(
+ fx.Annotated{
+ Group: "impl",
+ Target: NewImpl,
+ },
+)
diff --git a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go
new file mode 100644
index 0000000000..a993306a49
--- /dev/null
+++ b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go
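Review bot: In awsazchaos/impl.go, `Apply` calls `azLoss.Start(ctx, awsAZChaos.Status.SubnetToACL)` in the `waitForApplySync` phase without checking that the map recorded on the previous pass is present, and `Recover` has only that status map to restore the original associations from. If the status was not persisted or has been edited, `Start` would create the ACL and report `Injected` with nothing swapped, or `Recover` would re-associate subnets with whatever ACL ids the status then holds. A guard before `Start` such as `if len(awsAZChaos.Status.SubnetToACL) == 0 { return v1alpha1.NotInjected, fmt.Errorf("no recorded subnet-to-ACL state") }` makes the dependency explicit. The `obj.(*v1alpha1.AWSAzChaos)` assertions in both methods are unchecked, and the doc comment `// Apply applies KernelChaos` should read `// Apply applies AWSAzChaos`.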
@@ -0,0 +1,120 @@
+package subnetloss
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos/awsdrclient"
+ "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos/ctxutil"
+ "github.com/go-logr/logr"
+)
+
+// AWSSubnetsLoss will simulate loss of certain AWS subnets by setting up
+// Network ACLs that completely lock down the subnets. It can either affect
+// all subnets in the stack (if az == "") or subnets in a single az (if az != "")
+type AWSSubnetsLoss struct {
+ stack string // Which stack to test
+ az string // Which AZ to affect, empty means all AZs
+ curb bool
+ client *awsdrclient.StackScopedDRClient
+ log logr.Logger
+}
+
+func (a *AWSSubnetsLoss) String() string {
+ if a.az == "" {
+ return "AWS Region Loss"
+ }
+ return "AWS AZ Loss"
+}
+
+func NewAWSAzLoss(ctx context.Context, stack string, az string, log logr.Logger) (*AWSSubnetsLoss, error) {
+ client, err := awsdrclient.New(stack, log, awsdrclient.StackScopedDRClientOptions{DryRun: false})
+ if err != nil {
+ return nil, err
+ }
+
+ curb := ctxutil.GetOptionalBool(ctx, ctxutil.CtxKeyCurbFlag)
+
+ return &AWSSubnetsLoss{
+ stack: stack,
+ az: az,
+ client: client,
+ curb: curb,
+ log: log,
+ }, nil
+}
+func (a *AWSSubnetsLoss) GetSubnetToACL(ctx context.Context) (map[string]string, error) {
+ return a.client.DescribeNetworkAclsForStackSubnets(ctx)
+}
+
+func (a *AWSSubnetsLoss) Start(ctx context.Context, originalSubnetToACL map[string]string) error {
+ vpc, err := a.client.DescribeMainVPC(ctx)
+ if err != nil {
+ return err
+ }
+
+ emptyAclId, err := a.client.CreateOrGetEmptyNetworkAcl(ctx, vpc.VpcId, a.curb)
+ if err != nil {
+ return err
+ }
+ a.log.Info(fmt.Sprintf("Created empty NACL with ID: %s", emptyAclId))
+
+ for sID, _ := range originalSubnetToACL {
+ // Replace ACL and keep track of old association
+ if err := a.client.ReplaceNetworkAclForSubnet(ctx, sID, emptyAclId); err != nil {
+ // Maybe do not clean up here and depend on the next apply run to take care of it
+ a.attemptCleanUp(ctx, originalSubnetToACL, emptyAclId)
+ return fmt.Errorf("error replacing Network ACL for subnet (%s): %w", sID, err)
+ }
+ }
+
+ return nil
+}
+
+func (a *AWSSubnetsLoss) Stop(ctx context.Context, originalSubnetToACL map[string]string) error {
+ vpc, err := a.client.DescribeMainVPC(ctx)
+ if err != nil {
+ return err
+ }
+ emptyAclId, err := a.client.GetEmptyNetworkACL(ctx, vpc.VpcId)
+ if err != nil {
+ return err
+ }
+ err = a.cleanUp(ctx, originalSubnetToACL, emptyAclId)
+ if err != nil {
+ return fmt.Errorf("error cleaning up resources while stopping simulation: %w", err)
+ }
+ return nil
+}
+
+func (a *AWSSubnetsLoss) cleanUp(ctx context.Context, associations map[string]string, emptyACLID string) error {
+ a.log.Info("cleaning up resources")
+
+ if len(associations) > 0 {
+ a.log.Info("restoring Network ACL associations")
+ for subnetId, originalACLID := range associations {
+ a.log.Info(fmt.Sprintf("restoring subnet (%s) to Network ACL (%s)", subnetId, originalACLID))
+ if err := a.client.ReplaceNetworkAclForSubnet(ctx, subnetId, originalACLID); err != nil {
+ return err
+ }
+ }
+ }
+
+ if emptyACLID != "" {
+ a.log.Info(fmt.Sprintf("deleting empty Network ACL (%s)", emptyACLID))
+ err := a.client.DeleteNetworkAcl(ctx, emptyACLID)
+ if err != nil {
+ return err
+ }
+ }
+
+ a.log.Info("clean-up completed")
+ return nil
+}
+
+func (a *AWSSubnetsLoss) attemptCleanUp(ctx context.Context, associations map[string]string, emptyACLID string) {
+ err := a.cleanUp(ctx, associations, emptyACLID)
+ if err != nil {
+ a.log.Error(err, "error during clean-up")
+ }
+}
diff --git a/controllers/chaosimpl/fx.go b/controllers/chaosimpl/fx.go
index 1f0156cbb0..a15d232e7a 100644
--- a/controllers/chaosimpl/fx.go
+++ b/controllers/chaosimpl/fx.go
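Review bot: In subnetloss/loss.go the `az` field is stored by `NewAWSAzLoss` but never used to choose subnets: `Start` replaces the ACL of every key in `originalSubnetToACL`, which `GetSubnetToACL` fills from all stack-tagged subnets of the VPC, so an experiment that names a single AZ cuts off the whole stack, contrary to the comment on `AWSSubnetsLoss`. Filter the subnets by availability zone before the map is built (the subnet values returned by `DescribeSubnets` carry the zone), or reject a non-empty `az` until that filter exists. `cleanUp` also returns on the first `ReplaceNetworkAclForSubnet` error, which leaves the remaining subnets on the deny-all ACL; collecting the errors and continuing the loop would restore as many as possible. `for sID, _ := range originalSubnetToACL` can be written `for sID := range originalSubnetToACL`.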
@@ -16,6 +16,7 @@ package chaosimpl import ( + "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos" "go.uber.org/fx" "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awschaos" @@ -50,5 +51,5 @@ var AllImpl = fx.Options( timechaos.Module, physicalmachinechaos.Module, blockchaos.Module, - + awsazchaos.Module, utils.Module) diff --git a/controllers/types/types.go b/controllers/types/types.go index 6c2c177d5e..588c34890e 100644 --- a/controllers/types/types.go +++ b/controllers/types/types.go @@ -148,6 +148,13 @@ var ChaosObjects = fx.Supply( Object: &v1alpha1.BlockChaos{}, }, }, + fx.Annotated{ + Group: "objs", + Target: Object{ + Name: "awsazchaos", + Object: &v1alpha1.AWSAzChaos{}, + }, + }, ) // WebhookObject only used for registration the diff --git a/pkg/selector/awsaz/selector.go b/pkg/selector/awsaz/selector.go new file mode 100644 index 0000000000..f81eddb5a3 --- /dev/null +++ b/pkg/selector/awsaz/selector.go @@ -0,0 +1,17 @@ +package awsaz + +import ( + "context" + + "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" +) + +type SelectImpl struct{} + +func (impl *SelectImpl) Select(ctx context.Context, azureSelector *v1alpha1.AWSAZSelector) ([]*v1alpha1.AWSAZSelector, error) { + return []*v1alpha1.AWSAZSelector{azureSelector}, nil +} + +func New() *SelectImpl { + return &SelectImpl{} +} diff --git a/pkg/selector/selector.go b/pkg/selector/selector.go index d64ab8aa0e..2bdb8cacb7 100644 --- a/pkg/selector/selector.go +++ b/pkg/selector/selector.go @@ -19,6 +19,7 @@ import ( "context" "reflect" + "github.com/chaos-mesh/chaos-mesh/pkg/selector/awsaz" "github.com/pkg/errors" "go.uber.org/fx" @@ -75,6 +76,7 @@ type SelectorParams struct { GCPSelector *gcp.SelectImpl PhysicalMachineSelector *physicalmachine.SelectImpl NodeVolumePath *nodevolumepath.SelectImpl + AWSAZSelector *awsaz.SelectImpl } func New(p SelectorParams) *Selector { 
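Review bot: In pkg/selector/awsaz/selector.go the parameter of `Select` is named `azureSelector` although its type is `*v1alpha1.AWSAZSelector`; rename it, e.g. `func (impl *SelectImpl) Select(ctx context.Context, awsAZSelector *v1alpha1.AWSAZSelector) ([]*v1alpha1.AWSAZSelector, error)`. `SelectImpl`, `Select` and `New` are exported without doc comments; a line such as `// Select returns the given selector unchanged; no AWS lookup or validation happens here.` would tell readers that the stack and AZ values reach the implementation as submitted.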
@@ -100,6 +102,7 @@ var Module = fx.Provide( pod.New, container.New, aws.New, + awsaz.New, azure.New, gcp.New, physicalmachine.New, From d9edae1260bb6d13accffceb02a40fdb9d30a6e9 Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Wed, 26 Apr 2023 17:07:09 +0200 Subject: [PATCH 02/27] run make generate Co-authored-by: Georgios Koutsoumpakis --- api/v1alpha1/zz_generated.chaosmesh.go | 149 ++++++++++++++++ api/v1alpha1/zz_generated.chaosmesh_test.go | 63 +++++++ api/v1alpha1/zz_generated.deepcopy.go | 123 ++++++++++++++ .../zz_generated.schedule.chaosmesh.go | 9 + .../zz_generated.workflow.chaosmesh.go | 22 +++ .../zz_generated.workflow.chaosmesh_test.go | 8 + .../crd/bases/chaos-mesh.org_awsazchaos.yaml | 160 ++++++++++++++++++ go.mod | 8 +- go.sum | 14 +- .../crds/chaos-mesh.org_awsazchaos.yaml | 160 ++++++++++++++++++ pkg/ctrl/server/generated/generated.go | 7 +- pkg/ctrl/server/model/models_gen.go | 3 +- pkg/ctrl/server/schema.resolvers.go | 9 +- pkg/dashboard/swaggerdocs/docs.go | 32 ++++ pkg/dashboard/swaggerdocs/swagger.json | 32 ++++ pkg/dashboard/swaggerdocs/swagger.yaml | 25 +++ .../api/zz_generated.frontend.chaos-mesh.ts | 1 + 17 files changed, 810 insertions(+), 15 deletions(-) create mode 100644 config/crd/bases/chaos-mesh.org_awsazchaos.yaml create mode 100644 helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml diff --git a/api/v1alpha1/zz_generated.chaosmesh.go b/api/v1alpha1/zz_generated.chaosmesh.go index 9a326df036..3bd607b74d 100644 --- a/api/v1alpha1/zz_generated.chaosmesh.go +++ b/api/v1alpha1/zz_generated.chaosmesh.go 
@@ -35,6 +35,144 @@ import ( // updating spec of a chaos will have no effect, we'd better reject it var ErrCanNotUpdateChaos = errors.New("Cannot update chaos spec") +const KindAWSAzChaos = "AWSAzChaos" + +// IsDeleted returns whether this resource has been deleted +func (in *AWSAzChaos) IsDeleted() bool { + return !in.DeletionTimestamp.IsZero() +} + +// IsPaused returns whether this resource has been paused +func (in *AWSAzChaos) IsPaused() bool { + if in.Annotations == nil || in.Annotations[PauseAnnotationKey] != "true" { + return false + } + return true +} + +// GetObjectMeta would return the ObjectMeta for chaos +func (in *AWSAzChaos) GetObjectMeta() *metav1.ObjectMeta { + return &in.ObjectMeta +} + +// GetDuration would return the duration for chaos +func (in *AWSAzChaosSpec) GetDuration() (*time.Duration, error) { + if in.Duration == nil { + return nil, nil + } + duration, err := time.ParseDuration(string(*in.Duration)) + if err != nil { + return nil, err + } + return &duration, nil +} + +// GetStatus returns the status +func (in *AWSAzChaos) GetStatus() *ChaosStatus { + return &in.Status.ChaosStatus +} + +// GetRemoteCluster returns the remoteCluster +func (in *AWSAzChaos) GetRemoteCluster() string { + return in.Spec.RemoteCluster +} + +// GetSpecAndMetaString returns a string including the meta and spec field of this chaos object. 
+func (in *AWSAzChaos) GetSpecAndMetaString() (string, error) { + spec, err := json.Marshal(in.Spec) + if err != nil { + return "", err + } + + meta := in.ObjectMeta.DeepCopy() + meta.SetResourceVersion("") + meta.SetGeneration(0) + + return string(spec) + meta.String(), nil +} + +// +kubebuilder:object:root=true + +// AWSAzChaosList contains a list of AWSAzChaos +type AWSAzChaosList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AWSAzChaos `json:"items"` +} + +func (in *AWSAzChaosList) DeepCopyList() GenericChaosList { + return in.DeepCopy() +} + +// ListChaos returns a list of chaos +func (in *AWSAzChaosList) ListChaos() []GenericChaos { + var result []GenericChaos + for _, item := range in.Items { + item := item + result = append(result, &item) + } + return result +} + +func (in *AWSAzChaos) DurationExceeded(now time.Time) (bool, time.Duration, error) { + duration, err := in.Spec.GetDuration() + if err != nil { + return false, 0, err + } + + if duration != nil { + stopTime := in.GetCreationTimestamp().Add(*duration) + if stopTime.Before(now) { + return true, 0, nil + } + + return false, stopTime.Sub(now), nil + } + + return false, 0, nil +} + +func (in *AWSAzChaos) IsOneShot() bool { + return false +} + +var AWSAzChaosWebhookLog = logf.Log.WithName("AWSAzChaos-resource") + +func (in *AWSAzChaos) ValidateCreate() error { + AWSAzChaosWebhookLog.Info("validate create", "name", in.Name) + return in.Validate() +} + +// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type +func (in *AWSAzChaos) ValidateUpdate(old runtime.Object) error { + AWSAzChaosWebhookLog.Info("validate update", "name", in.Name) + if !reflect.DeepEqual(in.Spec, old.(*AWSAzChaos).Spec) { + return ErrCanNotUpdateChaos + } + return in.Validate() +} + +// ValidateDelete implements webhook.Validator so a webhook will be registered for the type +func (in *AWSAzChaos) ValidateDelete() error { + 
AWSAzChaosWebhookLog.Info("validate delete", "name", in.Name) + + // Nothing to do? + return nil +} + +var _ webhook.Validator = &AWSAzChaos{} + +func (in *AWSAzChaos) Validate() error { + errs := gw.Validate(in) + return gw.Aggregate(errs) +} + +var _ webhook.Defaulter = &AWSAzChaos{} + +func (in *AWSAzChaos) Default() { + gw.Default(in) +} + const KindAWSChaos = "AWSChaos" // IsDeleted returns whether this resource has been deleted @@ -2210,6 +2348,12 @@ func (in *TimeChaos) Default() { func init() { + SchemeBuilder.Register(&AWSAzChaos{}, &AWSAzChaosList{}) + all.register(KindAWSAzChaos, &ChaosKind{ + chaos: &AWSAzChaos{}, + list: &AWSAzChaosList{}, + }) + SchemeBuilder.Register(&AWSChaos{}, &AWSChaosList{}) all.register(KindAWSChaos, &ChaosKind{ chaos: &AWSChaos{}, @@ -2307,6 +2451,11 @@ func init() { }) + allScheduleItem.register(KindAWSAzChaos, &ChaosKind{ + chaos: &AWSAzChaos{}, + list: &AWSAzChaosList{}, + }) + allScheduleItem.register(KindAWSChaos, &ChaosKind{ chaos: &AWSChaos{}, list: &AWSChaosList{}, diff --git a/api/v1alpha1/zz_generated.chaosmesh_test.go b/api/v1alpha1/zz_generated.chaosmesh_test.go index f02e4631e7..05580755ab 100644 --- a/api/v1alpha1/zz_generated.chaosmesh_test.go +++ b/api/v1alpha1/zz_generated.chaosmesh_test.go 
@@ -25,6 +25,69 @@ import ( . "github.com/onsi/gomega" ) +func TestAWSAzChaosIsDeleted(t *testing.T) { + g := NewGomegaWithT(t) + + chaos := &AWSAzChaos{} + err := faker.FakeData(chaos) + + g.Expect(err).To(BeNil()) + + chaos.IsDeleted() +} + +func TestAWSAzChaosIsIsPaused(t *testing.T) { + g := NewGomegaWithT(t) + + chaos := &AWSAzChaos{} + err := faker.FakeData(chaos) + + g.Expect(err).To(BeNil()) + + chaos.IsPaused() +} + +func TestAWSAzChaosGetDuration(t *testing.T) { + g := NewGomegaWithT(t) + + chaos := &AWSAzChaos{} + err := faker.FakeData(chaos) + + g.Expect(err).To(BeNil()) + + chaos.Spec.GetDuration() +} + +func TestAWSAzChaosGetStatus(t *testing.T) { + g := NewGomegaWithT(t) + + chaos := &AWSAzChaos{} + err := faker.FakeData(chaos) + + g.Expect(err).To(BeNil()) + + chaos.GetStatus() +} + +func TestAWSAzChaosGetSpecAndMetaString(t *testing.T) { + g := NewGomegaWithT(t) + chaos := &AWSAzChaos{} + err := faker.FakeData(chaos) + g.Expect(err).To(BeNil()) + chaos.GetSpecAndMetaString() +} + +func TestAWSAzChaosListChaos(t *testing.T) { + g := NewGomegaWithT(t) + + chaos := &AWSAzChaosList{} + err := faker.FakeData(chaos) + + g.Expect(err).To(BeNil()) + + chaos.ListChaos() +} + func TestAWSChaosIsDeleted(t *testing.T) { g := NewGomegaWithT(t) diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 83804288d3..e8658238a5 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
@@ -27,6 +27,124 @@ import ( "net/http" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSAZSelector) DeepCopyInto(out *AWSAZSelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAZSelector. +func (in *AWSAZSelector) DeepCopy() *AWSAZSelector { + if in == nil { + return nil + } + out := new(AWSAZSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSAzChaos) DeepCopyInto(out *AWSAzChaos) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAzChaos. +func (in *AWSAzChaos) DeepCopy() *AWSAzChaos { + if in == nil { + return nil + } + out := new(AWSAzChaos) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSAzChaos) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSAzChaosList) DeepCopyInto(out *AWSAzChaosList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AWSAzChaos, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAzChaosList. 
+func (in *AWSAzChaosList) DeepCopy() *AWSAzChaosList { + if in == nil { + return nil + } + out := new(AWSAzChaosList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSAzChaosList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSAzChaosSpec) DeepCopyInto(out *AWSAzChaosSpec) { + *out = *in + out.AWSAZSelector = in.AWSAZSelector + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAzChaosSpec. +func (in *AWSAzChaosSpec) DeepCopy() *AWSAzChaosSpec { + if in == nil { + return nil + } + out := new(AWSAzChaosSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSAzChaosStatus) DeepCopyInto(out *AWSAzChaosStatus) { + *out = *in + in.ChaosStatus.DeepCopyInto(&out.ChaosStatus) + if in.SubnetToACL != nil { + in, out := &in.SubnetToACL, &out.SubnetToACL + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAzChaosStatus. +func (in *AWSAzChaosStatus) DeepCopy() *AWSAzChaosStatus { + if in == nil { + return nil + } + out := new(AWSAzChaosStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSChaos) DeepCopyInto(out *AWSChaos) { *out = *in 
@@ -932,6 +1050,11 @@ func (in *DuplicateSpec) DeepCopy() *DuplicateSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EmbedChaos) DeepCopyInto(out *EmbedChaos) { *out = *in + if in.AWSAzChaos != nil { + in, out := &in.AWSAzChaos, &out.AWSAzChaos + *out = new(AWSAzChaosSpec) + (*in).DeepCopyInto(*out) + } if in.AWSChaos != nil { in, out := &in.AWSChaos, &out.AWSChaos *out = new(AWSChaosSpec) diff --git a/api/v1alpha1/zz_generated.schedule.chaosmesh.go b/api/v1alpha1/zz_generated.schedule.chaosmesh.go index e8ab865c4d..6660604e49 100644 --- a/api/v1alpha1/zz_generated.schedule.chaosmesh.go +++ b/api/v1alpha1/zz_generated.schedule.chaosmesh.go @@ -24,6 +24,7 @@ import ( const ( + ScheduleTypeAWSAzChaos ScheduleTemplateType = "AWSAzChaos" ScheduleTypeAWSChaos ScheduleTemplateType = "AWSChaos" ScheduleTypeAzureChaos ScheduleTemplateType = "AzureChaos" ScheduleTypeBlockChaos ScheduleTemplateType = "BlockChaos" @@ -43,6 +44,7 @@ const ( ) var allScheduleTemplateType = []ScheduleTemplateType{ + ScheduleTypeAWSAzChaos, ScheduleTypeAWSChaos, ScheduleTypeAzureChaos, ScheduleTypeBlockChaos, @@ -63,6 +65,10 @@ var allScheduleTemplateType = []ScheduleTemplateType{ func (it *ScheduleItem) SpawnNewObject(templateType ScheduleTemplateType) (GenericChaos, error) { switch templateType { + case ScheduleTypeAWSAzChaos: + result := AWSAzChaos{} + result.Spec = *it.AWSAzChaos + return &result, nil case ScheduleTypeAWSChaos: result := AWSChaos{} result.Spec = *it.AWSChaos @@ -131,6 +137,9 @@ func (it *ScheduleItem) SpawnNewObject(templateType ScheduleTemplateType) (Gener func (it *ScheduleItem) RestoreChaosSpec(root interface{}) error { switch chaos := root.(type) { + case *AWSAzChaos: + *it.AWSAzChaos = chaos.Spec + return nil case *AWSChaos: *it.AWSChaos = chaos.Spec return nil 
diff --git a/api/v1alpha1/zz_generated.workflow.chaosmesh.go b/api/v1alpha1/zz_generated.workflow.chaosmesh.go index f9525bdeeb..11d3e34513 100644 --- a/api/v1alpha1/zz_generated.workflow.chaosmesh.go +++ b/api/v1alpha1/zz_generated.workflow.chaosmesh.go @@ -24,6 +24,7 @@ import ( const ( + TypeAWSAzChaos TemplateType = "AWSAzChaos" TypeAWSChaos TemplateType = "AWSChaos" TypeAzureChaos TemplateType = "AzureChaos" TypeBlockChaos TemplateType = "BlockChaos" @@ -43,6 +44,7 @@ const ( var allChaosTemplateType = []TemplateType{ TypeSchedule, + TypeAWSAzChaos, TypeAWSChaos, TypeAzureChaos, TypeBlockChaos, @@ -61,6 +63,8 @@ var allChaosTemplateType = []TemplateType{ } type EmbedChaos struct { + // +optional + AWSAzChaos *AWSAzChaosSpec `json:"awsazChaos,omitempty"` // +optional AWSChaos *AWSChaosSpec `json:"awsChaos,omitempty"` // +optional @@ -94,6 +98,10 @@ type EmbedChaos struct { func (it *EmbedChaos) SpawnNewObject(templateType TemplateType) (GenericChaos, error) { switch templateType { + case TypeAWSAzChaos: + result := AWSAzChaos{} + result.Spec = *it.AWSAzChaos + return &result, nil case TypeAWSChaos: result := AWSChaos{} result.Spec = *it.AWSChaos @@ -158,6 +166,9 @@ func (it *EmbedChaos) SpawnNewObject(templateType TemplateType) (GenericChaos, e func (it *EmbedChaos) RestoreChaosSpec(root interface{}) error { switch chaos := root.(type) { + case *AWSAzChaos: + *it.AWSAzChaos = chaos.Spec + return nil case *AWSChaos: *it.AWSChaos = chaos.Spec return nil @@ -208,6 +219,9 @@ func (it *EmbedChaos) RestoreChaosSpec(root interface{}) error { func (it *EmbedChaos) SpawnNewList(templateType TemplateType) (GenericChaosList, error) { switch templateType { + case TypeAWSAzChaos: + result := AWSAzChaosList{} + return &result, nil case TypeAWSChaos: result := AWSChaosList{} return &result, nil 
@@ -256,6 +270,14 @@ func (it *EmbedChaos) SpawnNewList(templateType TemplateType) (GenericChaosList, } } +func (in *AWSAzChaosList) GetItems() []GenericChaos { + var result []GenericChaos + for _, item := range in.Items { + item := item + result = append(result, &item) + } + return result +} func (in *AWSChaosList) GetItems() []GenericChaos { var result []GenericChaos for _, item := range in.Items { diff --git a/api/v1alpha1/zz_generated.workflow.chaosmesh_test.go b/api/v1alpha1/zz_generated.workflow.chaosmesh_test.go index b2cc8f488a..2687432636 100644 --- a/api/v1alpha1/zz_generated.workflow.chaosmesh_test.go +++ b/api/v1alpha1/zz_generated.workflow.chaosmesh_test.go @@ -23,6 +23,14 @@ import ( "testing" ) +func TestChaosKindMapShouldContainsAWSAzChaos(t *testing.T) { + g := NewGomegaWithT(t) + var requiredType TemplateType + requiredType = TypeAWSAzChaos + + _, ok := all.kinds[string(requiredType)] + g.Expect(ok).To(Equal(true), "all kinds map should contains this type", requiredType) +} func TestChaosKindMapShouldContainsAWSChaos(t *testing.T) { g := NewGomegaWithT(t) var requiredType TemplateType diff --git a/config/crd/bases/chaos-mesh.org_awsazchaos.yaml b/config/crd/bases/chaos-mesh.org_awsazchaos.yaml new file mode 100644 index 0000000000..635a4cf4c4 --- /dev/null +++ b/config/crd/bases/chaos-mesh.org_awsazchaos.yaml 
@@ -0,0 +1,160 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: awsazchaos.chaos-mesh.org +spec: + group: chaos-mesh.org + names: + kind: AWSAzChaos + listKind: AWSAzChaosList + plural: awsazchaos + singular: awsazchaos + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.duration + name: duration + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AWSAzChaos is the Schema for the helloworldchaos API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSAzChaosSpec is the content of the specification for a + HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. 
+ type: string + required: + - az + - stack + type: object + status: + description: AWSAzChaosStatus represents the status of a HelloWorldChaos + properties: + conditions: + description: Conditions represents the current global condition of + the chaos + items: + properties: + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + experiment: + description: Experiment records the last experiment state. + properties: + containerRecords: + description: Records are used to track the running status + items: + properties: + events: + description: Events are the essential details about the + injections and recoveries + items: + properties: + message: + description: Message is the detail message, e.g. the + reason why we failed to inject the chaos + type: string + operation: + description: Operation represents the operation we + are doing, when we crate this event + type: string + timestamp: + description: Timestamp is time when we create this + event + format: date-time + type: string + type: + description: Type means the stage of this event + type: string + required: + - operation + - timestamp + - type + type: object + type: array + id: + type: string + injectedCount: + description: InjectedCount is a counter to record the sum + of successful injections + type: integer + phase: + type: string + recoveredCount: + description: RecoveredCount is a counter to record the sum + of successful recoveries + type: integer + selectorKey: + type: string + required: + - id + - injectedCount + - phase + - recoveredCount + - selectorKey + type: object + type: array + desiredPhase: + enum: + - Run + - Stop + type: string + type: object + subnetToACL: + additionalProperties: + type: string + description: SubnetToACL represents the connection between a subnet + and its Network ACL + type: object + required: + - experiment + type: object + required: + - spec + type: object + served: true + storage: true + 
subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/go.mod b/go.mod index de067eba67..c0ea3e3123 100644 --- a/go.mod +++ b/go.mod @@ -11,9 +11,10 @@ require ( github.com/Azure/go-autorest/autorest/to v0.4.0 github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/antonmedv/expr v1.8.9 - github.com/aws/aws-sdk-go-v2 v1.3.2 + github.com/aws/aws-sdk-go-v2 v1.18.0 github.com/aws/aws-sdk-go-v2/config v1.1.1 github.com/aws/aws-sdk-go-v2/credentials v1.1.1 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.5 github.com/aws/aws-sdk-go-v2/service/ec2 v1.5.0 github.com/bxcodec/faker v2.0.1+incompatible github.com/chaos-mesh/chaos-driver v0.2.1 @@ -113,10 +114,13 @@ require ( github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.6 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.1.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.1.1 // indirect - github.com/aws/smithy-go v1.3.1 // indirect + github.com/aws/smithy-go v1.13.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bytedance/sonic v1.8.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect diff --git a/go.sum b/go.sum index bcc3c39cdd..59d2a76a90 100644 --- a/go.sum +++ b/go.sum 
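Review bot: These two go.mod hunks leave the AWS SDK modules badly skewed: `github.com/aws/aws-sdk-go-v2` jumps from v1.3.2 to v1.18.0 and `smithy-go` from v1.3.1 to v1.13.5 for the new `service/autoscaling v1.28.5`, while `config v1.1.1`, `credentials v1.1.1`, `service/ec2 v1.5.0` and the indirect `sso`/`sts v1.1.1` stay on releases built against the old core. That mix may fail to compile or may change how requests are signed and credentials resolved, and the controller uses this client to replace network ACLs. I would bump the sibling modules in the same commit, run `go mod tidy`, and check the resolved set with `govulncheck ./...` before merging.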
@@ -196,14 +196,23 @@ github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:o github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.25.48/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go-v2 v1.2.0/go.mod h1:zEQs02YRBw1DjK0PoJv3ygDYOFTre1ejlJWl8FwAuQo= -github.com/aws/aws-sdk-go-v2 v1.3.2 h1:RQj8l98yKUm0UV2Wd3w/Ms+TXV9Rs1E6Kr5tRRMfyU4= github.com/aws/aws-sdk-go-v2 v1.3.2/go.mod h1:7OaACgj2SX3XGWnrIjGlJM22h6yD6MEWKvm7levnnM8= +github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY= +github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/config v1.1.1 h1:ZAoq32boMzcaTW9bcUacBswAmHTbvlvDJICgHFZuECo= github.com/aws/aws-sdk-go-v2/config v1.1.1/go.mod h1:0XsVy9lBI/BCXm+2Tuvt39YmdHwS5unDQmxZOYe8F5Y= github.com/aws/aws-sdk-go-v2/credentials v1.1.1 h1:NbvWIM1Mx6sNPTxowHgS2ewXCRp+NGTzUYb/96FZJbY= github.com/aws/aws-sdk-go-v2/credentials v1.1.1/go.mod h1:mM2iIjwl7LULWtS6JCACyInboHirisUUdkBPoTHMOUo= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.2 h1:EtEU7WRaWliitZh2nmuxEXrN0Cb8EgPUFGIoTMeqbzI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.2/go.mod h1:3hGg3PpiEjHnrkrlasTfxFqUsZ2GCk/fMUn4CbKgSkM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc= 
+github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.5 h1:qD9NP1wtxcgwLpandFusWK/qscTwNm4aThvqSU5rpGs= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.5/go.mod h1:cQ05ETcKMluA1/g1/jMQTD/qv9E1WeYCyHmqErEoHBk= github.com/aws/aws-sdk-go-v2/service/ec2 v1.5.0 h1:LG5ozCp5FRKOodR2NPtbn9c/yrSrodTkzOGjRJY5yV8= github.com/aws/aws-sdk-go-v2/service/ec2 v1.5.0/go.mod h1:3iBezuZtNxZnKX7Zv2JB/lGyGCSYOES8TMq4WSXPBl0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.2/go.mod h1:45MfaXZ0cNbeuT0KQ1XJylq8A6+OpVV2E5kvY/Kq+u8= @@ -215,8 +224,9 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.1.1/go.mod h1:SuZJxklHxLAXgLTc1iFXbE github.com/aws/aws-sdk-go-v2/service/sts v1.1.1 h1:TJoIfnIFubCX0ACVeJ0w46HEH5MwjwYN4iFhuYIhfIY= github.com/aws/aws-sdk-go-v2/service/sts v1.1.1/go.mod h1:Wi0EBZwiz/K44YliU0EKxqTCJGUfYTWXrrBwkq736bM= github.com/aws/smithy-go v1.1.0/go.mod h1:EzMw8dbp/YJL4A5/sbhGddag+NPT7q084agLbB9LgIw= -github.com/aws/smithy-go v1.3.1 h1:xJFO4pK0y9J8fCl34uGsSJX5KNnGbdARDlA5BPhXnwE= github.com/aws/smithy-go v1.3.1/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= +github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= +github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml new file mode 100644 index 0000000000..635a4cf4c4 --- /dev/null +++ b/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml 
@@ -0,0 +1,160 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: awsazchaos.chaos-mesh.org +spec: + group: chaos-mesh.org + names: + kind: AWSAzChaos + listKind: AWSAzChaosList + plural: awsazchaos + singular: awsazchaos + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.duration + name: duration + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AWSAzChaos is the Schema for the helloworldchaos API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSAzChaosSpec is the content of the specification for a + HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. 
+ type: string + required: + - az + - stack + type: object + status: + description: AWSAzChaosStatus represents the status of a HelloWorldChaos + properties: + conditions: + description: Conditions represents the current global condition of + the chaos + items: + properties: + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + experiment: + description: Experiment records the last experiment state. + properties: + containerRecords: + description: Records are used to track the running status + items: + properties: + events: + description: Events are the essential details about the + injections and recoveries + items: + properties: + message: + description: Message is the detail message, e.g. the + reason why we failed to inject the chaos + type: string + operation: + description: Operation represents the operation we + are doing, when we crate this event + type: string + timestamp: + description: Timestamp is time when we create this + event + format: date-time + type: string + type: + description: Type means the stage of this event + type: string + required: + - operation + - timestamp + - type + type: object + type: array + id: + type: string + injectedCount: + description: InjectedCount is a counter to record the sum + of successful injections + type: integer + phase: + type: string + recoveredCount: + description: RecoveredCount is a counter to record the sum + of successful recoveries + type: integer + selectorKey: + type: string + required: + - id + - injectedCount + - phase + - recoveredCount + - selectorKey + type: object + type: array + desiredPhase: + enum: + - Run + - Stop + type: string + type: object + subnetToACL: + additionalProperties: + type: string + description: SubnetToACL represents the connection between a subnet + and its Network ACL + type: object + required: + - experiment + type: object + required: + - spec + type: object + served: true + storage: true + 
subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/pkg/ctrl/server/generated/generated.go b/pkg/ctrl/server/generated/generated.go index 5c858abc1f..f090020243 100644 --- a/pkg/ctrl/server/generated/generated.go +++ b/pkg/ctrl/server/generated/generated.go @@ -14,13 +14,12 @@ import ( "github.com/99designs/gqlgen/graphql" "github.com/99designs/gqlgen/graphql/introspection" + "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/model" gqlparser "github.com/vektah/gqlparser/v2" "github.com/vektah/gqlparser/v2/ast" - v1 "k8s.io/api/core/v1" + "k8s.io/api/core/v1" v11 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" - "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/model" ) // region ************************** generated!.gotpl ************************** diff --git a/pkg/ctrl/server/model/models_gen.go b/pkg/ctrl/server/model/models_gen.go index deeb57aebd..24fbd67f5a 100644 --- a/pkg/ctrl/server/model/models_gen.go +++ b/pkg/ctrl/server/model/models_gen.go @@ -7,9 +7,8 @@ import ( "io" "strconv" - v1 "k8s.io/api/core/v1" - "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "k8s.io/api/core/v1" ) type Cgroups struct { diff --git a/pkg/ctrl/server/schema.resolvers.go b/pkg/ctrl/server/schema.resolvers.go index 3bd2f6d4ef..94a35178b3 100644 --- a/pkg/ctrl/server/schema.resolvers.go +++ b/pkg/ctrl/server/schema.resolvers.go 
@@ -12,15 +12,14 @@ import ( "io" "time" - v1 "k8s.io/api/core/v1" - v11 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/generated" "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/model" podSelector "github.com/chaos-mesh/chaos-mesh/pkg/selector/pod" + "k8s.io/api/core/v1" + v11 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" ) func (r *attrOverrideSpecResolver) Ino(ctx context.Context, obj *v1alpha1.AttrOverrideSpec) (*int, error) { diff --git a/pkg/dashboard/swaggerdocs/docs.go b/pkg/dashboard/swaggerdocs/docs.go index 3ac4d88c01..0d179d184b 100644 --- a/pkg/dashboard/swaggerdocs/docs.go +++ b/pkg/dashboard/swaggerdocs/docs.go @@ -4860,6 +4860,26 @@ const docTemplate = `{ } } }, + "v1alpha1.AWSAzChaosSpec": { + "type": "object", + "properties": { + "az": { + "description": "Ec2Instance indicates the ID of the ec2 instance.", + "type": "string" + }, + "duration": { + "description": "Duration represents the duration of the chaos action\n+optional", + "type": "string" + }, + "remoteCluster": { + "type": "string" + }, + "stack": { + "description": "AWSRegion defines the region of aws.", + "type": "string" + } + } + }, "v1alpha1.AWSChaosSpec": { "type": "object", "properties": { @@ -5109,6 +5129,10 @@ const docTemplate = `{ "description": "+optional", "$ref": "#/definitions/v1alpha1.AWSChaosSpec" }, + "awsazChaos": { + "description": "+optional", + "$ref": "#/definitions/v1alpha1.AWSAzChaosSpec" + }, "azureChaos": { "description": "+optional", "$ref": "#/definitions/v1alpha1.AzureChaosSpec" 
@@ -7296,6 +7320,10 @@ const docTemplate = `{ "description": "+optional", "$ref": "#/definitions/v1alpha1.AWSChaosSpec" }, + "awsazChaos": { + "description": "+optional", + "$ref": "#/definitions/v1alpha1.AWSAzChaosSpec" + }, "azureChaos": { "description": "+optional", "$ref": "#/definitions/v1alpha1.AzureChaosSpec" @@ -7587,6 +7615,10 @@ const docTemplate = `{ "description": "+optional", "$ref": "#/definitions/v1alpha1.AWSChaosSpec" }, + "awsazChaos": { + "description": "+optional", + "$ref": "#/definitions/v1alpha1.AWSAzChaosSpec" + }, "azureChaos": { "description": "+optional", "$ref": "#/definitions/v1alpha1.AzureChaosSpec" diff --git a/pkg/dashboard/swaggerdocs/swagger.json b/pkg/dashboard/swaggerdocs/swagger.json index 54ea4c803a..41d98475e7 100644 --- a/pkg/dashboard/swaggerdocs/swagger.json +++ b/pkg/dashboard/swaggerdocs/swagger.json @@ -4852,6 +4852,26 @@ } } }, + "v1alpha1.AWSAzChaosSpec": { + "type": "object", + "properties": { + "az": { + "description": "Ec2Instance indicates the ID of the ec2 instance.", + "type": "string" + }, + "duration": { + "description": "Duration represents the duration of the chaos action\n+optional", + "type": "string" + }, + "remoteCluster": { + "type": "string" + }, + "stack": { + "description": "AWSRegion defines the region of aws.", + "type": "string" + } + } + }, "v1alpha1.AWSChaosSpec": { "type": "object", "properties": { @@ -5101,6 +5121,10 @@ "description": "+optional", "$ref": "#/definitions/v1alpha1.AWSChaosSpec" }, + "awsazChaos": { + "description": "+optional", + "$ref": "#/definitions/v1alpha1.AWSAzChaosSpec" + }, "azureChaos": { "description": "+optional", "$ref": "#/definitions/v1alpha1.AzureChaosSpec" @@ -7288,6 +7312,10 @@ "description": "+optional", "$ref": "#/definitions/v1alpha1.AWSChaosSpec" }, + "awsazChaos": { + "description": "+optional", + "$ref": "#/definitions/v1alpha1.AWSAzChaosSpec" + }, "azureChaos": { "description": "+optional", "$ref": "#/definitions/v1alpha1.AzureChaosSpec" 
@@ -7579,6 +7607,10 @@ "description": "+optional", "$ref": "#/definitions/v1alpha1.AWSChaosSpec" }, + "awsazChaos": { + "description": "+optional", + "$ref": "#/definitions/v1alpha1.AWSAzChaosSpec" + }, "azureChaos": { "description": "+optional", "$ref": "#/definitions/v1alpha1.AzureChaosSpec" diff --git a/pkg/dashboard/swaggerdocs/swagger.yaml b/pkg/dashboard/swaggerdocs/swagger.yaml index 4cda2cfe9b..a1c0ae8fbb 100644 --- a/pkg/dashboard/swaggerdocs/swagger.yaml +++ b/pkg/dashboard/swaggerdocs/swagger.yaml @@ -3078,6 +3078,22 @@ definitions: +optional type: string type: object + v1alpha1.AWSAzChaosSpec: + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: |- + Duration represents the duration of the chaos action + +optional + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + type: object v1alpha1.AWSChaosSpec: properties: action: @@ -3344,6 +3360,9 @@ definitions: awsChaos: $ref: '#/definitions/v1alpha1.AWSChaosSpec' description: +optional + awsazChaos: + $ref: '#/definitions/v1alpha1.AWSAzChaosSpec' + description: +optional azureChaos: $ref: '#/definitions/v1alpha1.AzureChaosSpec' description: +optional @@ -5659,6 +5678,9 @@ definitions: awsChaos: $ref: '#/definitions/v1alpha1.AWSChaosSpec' description: +optional + awsazChaos: + $ref: '#/definitions/v1alpha1.AWSAzChaosSpec' + description: +optional azureChaos: $ref: '#/definitions/v1alpha1.AzureChaosSpec' description: +optional @@ -6005,6 +6027,9 @@ definitions: awsChaos: $ref: '#/definitions/v1alpha1.AWSChaosSpec' description: +optional + awsazChaos: + $ref: '#/definitions/v1alpha1.AWSAzChaosSpec' + description: +optional azureChaos: $ref: '#/definitions/v1alpha1.AzureChaosSpec' description: +optional diff --git a/ui/app/src/api/zz_generated.frontend.chaos-mesh.ts b/ui/app/src/api/zz_generated.frontend.chaos-mesh.ts index 5614a5a118..cada8573b2 100644 
--- a/ui/app/src/api/zz_generated.frontend.chaos-mesh.ts +++ b/ui/app/src/api/zz_generated.frontend.chaos-mesh.ts @@ -1,6 +1,7 @@ import { ExperimentKind } from 'components/NewExperiment/types' const mapping = new Map([ + ['AWSAzChaos', 'awsazChaos'], ['AWSChaos', 'awsChaos'], ['AzureChaos', 'azureChaos'], ['BlockChaos', 'blockChaos'], From b8893be88d227fcd2937d2a758f76594a89f5aad Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 08:45:23 +0200 Subject: [PATCH 03/27] chore: temp change to run chaos without actually altering the acl association Co-authored-by: Georgios Koutsoumpakis --- controllers/chaosimpl/awsazchaos/awsdrclient/stack.go | 1 + controllers/chaosimpl/awsazchaos/subnetloss/loss.go | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go index c8f14263ad..48c85df0f7 100644 --- a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go +++ b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go @@ -234,6 +234,7 @@ func (a *StackScopedDRClient) CreateOrGetEmptyNetworkAcl(ctx context.Context, vp } if exisitngEmptyNetworkACL != "" { + a.log.Info(fmt.Sprintf("using the existing block-all network ACL %s", exisitngEmptyNetworkACL)) return exisitngEmptyNetworkACL, nil } diff --git a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go index a993306a49..a4b70b2398 100644 --- a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go +++ b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go 
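Review bot: The log line added to CreateOrGetEmptyNetworkAcl in stack.go builds its message with `fmt.Sprintf`, which buries the ACL ID in free text. The webhook logger added earlier in this series passes key/value pairs (`Info("validate create", "name", in.Name)`), and the same form keeps the ID searchable here: `a.log.Info("reusing existing block-all network ACL", "networkAclID", exisitngEmptyNetworkACL)`. This assumes `a.log` accepts key/value pairs like that logger, which the hunk does not show. The function starts above the hunk, so how the existing ACL is recognised as the block-all one is not visible; a comment at the lookup saying so would help, since reusing an ACL that has since been edited would change what the experiment blocks.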
@@ -60,12 +60,13 @@ func (a *AWSSubnetsLoss) Start(ctx context.Context, originalSubnetToACL map[stri a.log.Info(fmt.Sprintf("Created empty NACL with ID: %s", emptyAclId)) for sID, _ := range originalSubnetToACL { + a.log.Info(fmt.Sprintf("replacing Network ACL for subnet %s", sID)) // Replace ACL and keep track of old association - if err := a.client.ReplaceNetworkAclForSubnet(ctx, sID, emptyAclId); err != nil { + /*if err := a.client.ReplaceNetworkAclForSubnet(ctx, sID, emptyAclId); err != nil { // Maybe do not clean up here and depend on the next apply run to take care of it a.attemptCleanUp(ctx, originalSubnetToACL, emptyAclId) return fmt.Errorf("error replacing Network ACL for subnet (%s): %w", sID, err) - } + }*/ } return nil @@ -90,7 +91,7 @@ func (a *AWSSubnetsLoss) Stop(ctx context.Context, originalSubnetToACL map[strin func (a *AWSSubnetsLoss) cleanUp(ctx context.Context, associations map[string]string, emptyACLID string) error { a.log.Info("cleaning up resources") - if len(associations) > 0 { + /*if len(associations) > 0 { a.log.Info("restoring Network ACL associations") for subnetId, originalACLID := range associations { a.log.Info(fmt.Sprintf("restoring subnet (%s) to Network ACL (%s)", subnetId, originalACLID)) @@ -98,7 +99,7 @@ func (a *AWSSubnetsLoss) cleanUp(ctx context.Context, associations map[string]st return err } } - } + }*/ if emptyACLID != "" { a.log.Info(fmt.Sprintf("deleting empty Network ACL (%s)", emptyACLID)) From 172babe3b6c4d07ac6d7b957465d501875876dd4 Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 09:04:55 +0200 Subject: [PATCH 04/27] add extra logging Co-authored-by: Georgios Koutsoumpakis --- .../chaosimpl/awsazchaos/subnetloss/loss.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go index a4b70b2398..4429a7f71e 100644 
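Review bot: Wrapping the `ReplaceNetworkAclForSubnet` call in `/* … */` inside the loop of `Start` makes the experiment return nil without changing any association, so a run is recorded as applied although no fault was injected. The second and third hunks do the same to the restore loop in `cleanUp`, while the deletion of the empty Network ACL below it stays active. An explicit switch is easier to audit and to revert than commented-out code, for example a new `dryRun` field (a proposed name, not in the file) checked as `if a.dryRun { continue }` right after the log line; with the body disabled the blank identifier is also unneeded, `for sID := range originalSubnetToACL {`. If an earlier build already swapped associations, this version would not put them back, which should be confirmed before it is deployed. `Start` and `cleanUp` both begin and end outside these hunks.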
--- a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go +++ b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go @@ -59,8 +59,8 @@ func (a *AWSSubnetsLoss) Start(ctx context.Context, originalSubnetToACL map[stri } a.log.Info(fmt.Sprintf("Created empty NACL with ID: %s", emptyAclId)) - for sID, _ := range originalSubnetToACL { - a.log.Info(fmt.Sprintf("replacing Network ACL for subnet %s", sID)) + for sID, aclID := range originalSubnetToACL { + a.log.Info(fmt.Sprintf("replacing Network ACL %s of subnet %s with block-all ACL %s", aclID, sID, emptyAclId)) // Replace ACL and keep track of old association /*if err := a.client.ReplaceNetworkAclForSubnet(ctx, sID, emptyAclId); err != nil { // Maybe do not clean up here and depend on the next apply run to take care of it @@ -91,15 +91,15 @@ func (a *AWSSubnetsLoss) Stop(ctx context.Context, originalSubnetToACL map[strin func (a *AWSSubnetsLoss) cleanUp(ctx context.Context, associations map[string]string, emptyACLID string) error { a.log.Info("cleaning up resources") - /*if len(associations) > 0 { + if len(associations) > 0 { a.log.Info("restoring Network ACL associations") for subnetId, originalACLID := range associations { - a.log.Info(fmt.Sprintf("restoring subnet (%s) to Network ACL (%s)", subnetId, originalACLID)) - if err := a.client.ReplaceNetworkAclForSubnet(ctx, subnetId, originalACLID); err != nil { + a.log.Info(fmt.Sprintf("restoring subnet (%s) to its original Network ACL (%s)", subnetId, originalACLID)) + /*if err := a.client.ReplaceNetworkAclForSubnet(ctx, subnetId, originalACLID); err != nil { return err - } + }*/ } - }*/ + } if emptyACLID != "" { a.log.Info(fmt.Sprintf("deleting empty Network ACL (%s)", emptyACLID)) From a25054a864e47b909afd8626e9494282730ef0cc Mon Sep 17 00:00:00 2001 
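Review bot: The new messages in `Start` (`replacing Network ACL %s of subnet %s with block-all ACL %s`) and in `cleanUp` (`restoring subnet (%s) to its original Network ACL (%s)`) are written while the `ReplaceNetworkAclForSubnet` calls next to them are still commented out, so the log reports ACL changes that never happen. Anyone reconstructing an experiment from these logs would conclude the subnets were isolated and then restored; wording such as `a.log.Info(fmt.Sprintf("dry run: would restore subnet (%s) to its original Network ACL (%s)", subnetId, originalACLID))` keeps the record accurate. When the restore call is re-enabled, the `return err` inside the loop would stop at the first failure and leave the remaining subnets on the block-all ACL, so continuing the loop and returning the collected errors is worth considering. Both functions extend beyond the hunks.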
From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 09:06:56 +0200 Subject: [PATCH 05/27] generated after running make all Co-authored-by: Georgios Koutsoumpakis --- .../crd/bases/chaos-mesh.org_schedules.yaml | 61 ++++++ .../bases/chaos-mesh.org_workflownodes.yaml | 82 ++++++++ .../crd/bases/chaos-mesh.org_workflows.yaml | 41 ++++ .../crds/chaos-mesh.org_schedules.yaml | 61 ++++++ .../crds/chaos-mesh.org_workflownodes.yaml | 82 ++++++++ .../crds/chaos-mesh.org_workflows.yaml | 41 ++++ manifests/crd.yaml | 184 ++++++++++++++++++ 7 files changed, 552 insertions(+) diff --git a/config/crd/bases/chaos-mesh.org_schedules.yaml b/config/crd/bases/chaos-mesh.org_schedules.yaml index 4484488d9b..f2ce21d171 100644 --- a/config/crd/bases/chaos-mesh.org_schedules.yaml +++ b/config/crd/bases/chaos-mesh.org_schedules.yaml @@ -82,6 +82,25 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification for + a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -3326,6 +3345,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 + instance. + type: string + duration: + description: Duration represents the duration of the + chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -6419,6 +6459,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the + ec2 instance. + type: string + duration: + description: Duration represents the duration of + the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos diff --git a/config/crd/bases/chaos-mesh.org_workflownodes.yaml b/config/crd/bases/chaos-mesh.org_workflownodes.yaml index 78b5f9fdca..31e6249991 100644 --- a/config/crd/bases/chaos-mesh.org_workflownodes.yaml +++ b/config/crd/bases/chaos-mesh.org_workflownodes.yaml 
@@ -88,6 +88,25 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification for + a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -2980,6 +2999,26 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos + action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -6294,6 +6333,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the + ec2 instance. + type: string + duration: + description: Duration represents the duration of + the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -9482,6 +9542,28 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the + specification for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of + the ec2 instance. + type: string + duration: + description: Duration represents the duration + of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of + aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos diff --git a/config/crd/bases/chaos-mesh.org_workflows.yaml b/config/crd/bases/chaos-mesh.org_workflows.yaml index acca343164..3ebe9612d6 100644 --- a/config/crd/bases/chaos-mesh.org_workflows.yaml +++ b/config/crd/bases/chaos-mesh.org_workflows.yaml @@ -94,6 +94,26 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos + action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -3099,6 +3119,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 + instance. + type: string + duration: + description: Duration represents the duration of the + chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml index 4484488d9b..f2ce21d171 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml @@ -82,6 +82,25 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification for + a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -3326,6 +3345,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 + instance. + type: string + duration: + description: Duration represents the duration of the + chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -6419,6 +6459,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the + ec2 instance. + type: string + duration: + description: Duration represents the duration of + the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml index 78b5f9fdca..31e6249991 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml 
@@ -88,6 +88,25 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification for + a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -2980,6 +2999,26 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos + action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -6294,6 +6333,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the + ec2 instance. + type: string + duration: + description: Duration represents the duration of + the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -9482,6 +9542,28 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the + specification for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of + the ec2 instance. + type: string + duration: + description: Duration represents the duration + of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of + aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml index acca343164..3ebe9612d6 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml @@ -94,6 +94,26 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos + action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -3099,6 +3119,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 + instance. + type: string + duration: + description: Duration represents the duration of the + chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 69fbc00875..b00f1abc5b 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -5443,6 +5443,25 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification for + a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -8687,6 +8706,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 + instance. + type: string + duration: + description: Duration represents the duration of the + chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -11780,6 +11820,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the + ec2 instance. + type: string + duration: + description: Duration represents the duration of + the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -19955,6 +20016,25 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification for + a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -22847,6 +22927,26 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos + action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -26161,6 +26261,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the + ec2 instance. + type: string + duration: + description: Duration represents the duration of + the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -29349,6 +29470,28 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the + specification for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of + the ec2 instance. + type: string + duration: + description: Duration represents the duration + of the chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of + aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos @@ -40358,6 +40501,26 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 instance. + type: string + duration: + description: Duration represents the duration of the chaos + action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos 
@@ -43363,6 +43526,27 @@ spec: - awsRegion - ec2Instance type: object + awsazChaos: + description: AWSAzChaosSpec is the content of the specification + for a HelloWorldChaos + properties: + az: + description: Ec2Instance indicates the ID of the ec2 + instance. + type: string + duration: + description: Duration represents the duration of the + chaos action + type: string + remoteCluster: + type: string + stack: + description: AWSRegion defines the region of aws. + type: string + required: + - az + - stack + type: object azureChaos: description: AzureChaosSpec is the content of the specification for an AzureChaos From 5b53a5a978be840a8f7af72a16903e813e3edcf0 Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 09:12:24 +0200 Subject: [PATCH 06/27] change documentation Co-authored-by: Georgios Koutsoumpakis --- api/v1alpha1/awsazchaos_types.go | 4 +- .../crd/bases/chaos-mesh.org_awsazchaos.yaml | 4 +- .../crd/bases/chaos-mesh.org_schedules.yaml | 16 +++---- .../bases/chaos-mesh.org_workflownodes.yaml | 21 ++++---- .../crd/bases/chaos-mesh.org_workflows.yaml | 11 +++-- .../crds/chaos-mesh.org_awsazchaos.yaml | 4 +- .../crds/chaos-mesh.org_schedules.yaml | 16 +++---- .../crds/chaos-mesh.org_workflownodes.yaml | 21 ++++---- .../crds/chaos-mesh.org_workflows.yaml | 11 +++-- manifests/crd.yaml | 48 ++++++++++--------- 10 files changed, 81 insertions(+), 75 deletions(-) diff --git a/api/v1alpha1/awsazchaos_types.go b/api/v1alpha1/awsazchaos_types.go index 7b6da6da01..68dd9728f4 100644 --- a/api/v1alpha1/awsazchaos_types.go +++ b/api/v1alpha1/awsazchaos_types.go 
@@ -23,7 +23,7 @@ var _ InnerObjectWithCustomStatus = (*AWSAzChaos)(nil) var _ InnerObjectWithSelector = (*AWSAzChaos)(nil) var _ InnerObject = (*AWSAzChaos)(nil) -// AWSAzChaosSpec is the content of the specification for a HelloWorldChaos +// AWSAzChaosSpec is the content of the specification for a AWSAzChaos type AWSAzChaosSpec struct { // ContainerSelector specifies target AWSAZSelector `json:",inline"` @@ -49,7 +49,7 @@ type AWSAZSelector struct { // AWSRegion defines the region of aws. Stack string `json:"stack"` - // Ec2Instance indicates the ID of the ec2 instance. + // AZ indicates the Availability zone to be taken down AZ string `json:"az"` } diff --git a/config/crd/bases/chaos-mesh.org_awsazchaos.yaml b/config/crd/bases/chaos-mesh.org_awsazchaos.yaml index 635a4cf4c4..1a0f72de69 100644 --- a/config/crd/bases/chaos-mesh.org_awsazchaos.yaml +++ b/config/crd/bases/chaos-mesh.org_awsazchaos.yaml @@ -39,10 +39,10 @@ spec: type: object spec: description: AWSAzChaosSpec is the content of the specification for a - HelloWorldChaos + AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action diff --git a/config/crd/bases/chaos-mesh.org_schedules.yaml b/config/crd/bases/chaos-mesh.org_schedules.yaml index f2ce21d171..9327aac830 100644 --- a/config/crd/bases/chaos-mesh.org_schedules.yaml +++ b/config/crd/bases/chaos-mesh.org_schedules.yaml @@ -84,10 +84,10 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification for - a HelloWorldChaos + a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action 
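Review bot: The field comments next to the ones corrected here are still copied from other types: in the second hunk `Stack` keeps `// AWSRegion defines the region of aws.`, and in the first hunk the embedded `AWSAZSelector` keeps `// ContainerSelector specifies target`. These comments become the CRD `description` text (the generated YAML earlier in this series carries `AWSRegion defines the region of aws.` as the description of `stack`), which is what an operator reads when deciding what an AZ-wide network cut will affect. Suggested replacements are `// Stack names the stack whose subnets are targeted.` and `// AWSAZSelector specifies the target stack and availability zone`. The meaning of `Stack` is inferred from the `stack` JSON tag and should be confirmed by the authors.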
@@ -3347,11 +3347,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 - instance. + description: AZ indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the @@ -6461,11 +6461,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the - ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of diff --git a/config/crd/bases/chaos-mesh.org_workflownodes.yaml b/config/crd/bases/chaos-mesh.org_workflownodes.yaml index 31e6249991..76c32f149d 100644 --- a/config/crd/bases/chaos-mesh.org_workflownodes.yaml +++ b/config/crd/bases/chaos-mesh.org_workflownodes.yaml @@ -90,10 +90,10 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification for - a HelloWorldChaos + a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action @@ -3001,10 +3001,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken + down type: string duration: description: Duration represents the duration of the chaos 
@@ -6335,11 +6336,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the - ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of @@ -9544,11 +9545,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the - specification for a HelloWorldChaos + specification for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of - the ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration diff --git a/config/crd/bases/chaos-mesh.org_workflows.yaml b/config/crd/bases/chaos-mesh.org_workflows.yaml index 3ebe9612d6..a61c811057 100644 --- a/config/crd/bases/chaos-mesh.org_workflows.yaml +++ b/config/crd/bases/chaos-mesh.org_workflows.yaml @@ -96,10 +96,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken + down type: string duration: description: Duration represents the duration of the chaos @@ -3121,11 +3122,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 - instance. + description: AZ indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml index 635a4cf4c4..1a0f72de69 100644 
--- a/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml @@ -39,10 +39,10 @@ spec: type: object spec: description: AWSAzChaosSpec is the content of the specification for a - HelloWorldChaos + AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml index f2ce21d171..9327aac830 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml @@ -84,10 +84,10 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification for - a HelloWorldChaos + a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action @@ -3347,11 +3347,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 - instance. + description: AZ indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the @@ -6461,11 +6461,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the - ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of 
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml index 31e6249991..76c32f149d 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml @@ -90,10 +90,10 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification for - a HelloWorldChaos + a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action @@ -3001,10 +3001,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken + down type: string duration: description: Duration represents the duration of the chaos @@ -6335,11 +6336,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the - ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of @@ -9544,11 +9545,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the - specification for a HelloWorldChaos + specification for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of - the ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration 
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml index 3ebe9612d6..a61c811057 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml @@ -96,10 +96,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken + down type: string duration: description: Duration represents the duration of the chaos @@ -3121,11 +3122,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 - instance. + description: AZ indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the diff --git a/manifests/crd.yaml b/manifests/crd.yaml index b00f1abc5b..03bd2a806a 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -5445,10 +5445,10 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification for - a HelloWorldChaos + a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action @@ -8708,11 +8708,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 - instance. + description: AZ indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the 
@@ -11822,11 +11822,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the - ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of @@ -20018,10 +20018,10 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification for - a HelloWorldChaos + a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action @@ -22929,10 +22929,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken + down type: string duration: description: Duration represents the duration of the chaos @@ -26263,11 +26264,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the - ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of @@ -29472,11 +29473,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the - specification for a HelloWorldChaos + specification for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of - the ec2 instance. + description: AZ indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration 
@@ -40503,10 +40504,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken + down type: string duration: description: Duration represents the duration of the chaos @@ -43528,11 +43530,11 @@ spec: type: object awsazChaos: description: AWSAzChaosSpec is the content of the specification - for a HelloWorldChaos + for a AWSAzChaos properties: az: - description: Ec2Instance indicates the ID of the ec2 - instance. + description: AZ indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the From ea6e402b0e5bceace394ddebf6a23d1024484280 Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 09:45:53 +0200 Subject: [PATCH 07/27] add maxresults to 10 minimum supported by aws is 5 Co-authored-by: Georgios Koutsoumpakis --- controllers/chaosimpl/awsazchaos/awsdrclient/stack.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go index 48c85df0f7..5475a6250e 100644 --- a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go +++ b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go @@ -282,7 +282,7 @@ func (a *StackScopedDRClient) GetEmptyNetworkACL(ctx context.Context, vpcId *str Values: []string{"true"}, }, }, - MaxResults: int32(1), + MaxResults: int32(10), }) if err != nil { return "", err 
@@ -290,6 +290,9 @@ func (a *StackScopedDRClient) GetEmptyNetworkACL(ctx context.Context, vpcId *str if len(existingEmptyNetworkAcl.NetworkAcls) == 0 { return "", nil } + if len(existingEmptyNetworkAcl.NetworkAcls) > 1 { + return "", fmt.Errorf("expected only one empty network ACL to exist, but got %d", len(existingEmptyNetworkAcl.NetworkAcls)) + } return *existingEmptyNetworkAcl.NetworkAcls[0].NetworkAclId, nil } From b2bf30f83b31836ca110d5641f76f0bd1792f328 Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 10:06:26 +0200 Subject: [PATCH 08/27] filter for subnets --- controllers/chaosimpl/awsazchaos/awsdrclient/stack.go | 5 ++++- controllers/chaosimpl/awsazchaos/subnetloss/loss.go | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go index 5475a6250e..5dc6a8559b 100644 --- a/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go +++ b/controllers/chaosimpl/awsazchaos/awsdrclient/stack.go @@ -135,7 +135,7 @@ func isSubnetIdInSubnetsAssociations(subnetId string, subnetAssociations []ec2ty return false } -func (a *StackScopedDRClient) DescribeNetworkAclsForStackSubnets(ctx context.Context) (map[string]string, error) { +func (a *StackScopedDRClient) DescribeNetworkAclsForStackSubnets(ctx context.Context, az string) (map[string]string, error) { vpc, err := a.DescribeMainVPC(ctx) if err != nil { return nil, err @@ -164,6 +164,9 @@ func (a *StackScopedDRClient) DescribeNetworkAclsForStackSubnets(ctx context.Con // check if all subnets have a corresponding network Acl for _, subnet := range subnets { + if az != "" && *subnet.AvailabilityZone != az { + continue + } aclID := a.getACLAssociatedToSubnet(subnet, networkAcls.NetworkAcls) if aclID == "" { return nil, fmt.Errorf("subnet %s does not have a corresponding ACL", *subnet.SubnetId) 
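Review bot: The new "more than one" check in GetEmptyNetworkACL (stack.go) only sees the first page of results, because the response's `NextToken` is never consulted after `MaxResults` was raised to 10 in the preceding hunk. A truncated page can then look like "none" or "exactly one", and the caller would proceed with an ACL that was not uniquely identified. Suggest failing closed before the length checks: `if existingEmptyNetworkAcl.NextToken != nil { return "", fmt.Errorf("empty network ACL lookup was truncated") }`. `*existingEmptyNetworkAcl.NetworkAcls[0].NetworkAclId` is also dereferenced without a nil check. The function starts outside the hunk, so the exact call and filter are not visible here.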
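Review bot: An empty `az` switches the new filter in DescribeNetworkAclsForStackSubnets off, so the returned map covers every subnet of the stack's main VPC, and Start presumably swaps all of them to the block-all ACL. For an experiment meant to isolate one availability zone it is safer to fail closed at the top of the function, `if az == "" { return nil, fmt.Errorf("az must be set") }`, and to return an error when no subnet matched instead of an empty map. The comparison also dereferences `subnet.AvailabilityZone` without a nil check; `subnet.AvailabilityZone == nil || *subnet.AvailabilityZone != az` avoids a controller panic. The function body begins and ends outside the hunk.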
diff --git a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go index 4429a7f71e..82ad0d53b1 100644 --- a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go +++ b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go @@ -44,7 +44,7 @@ func NewAWSAzLoss(ctx context.Context, stack string, az string, log logr.Logger) }, nil } func (a *AWSSubnetsLoss) GetSubnetToACL(ctx context.Context) (map[string]string, error) { - return a.client.DescribeNetworkAclsForStackSubnets(ctx) + return a.client.DescribeNetworkAclsForStackSubnets(ctx, a.az) } func (a *AWSSubnetsLoss) Start(ctx context.Context, originalSubnetToACL map[string]string) error { From 62a7e59f705452ea4773a4ff3069826cec57b149 Mon Sep 17 00:00:00 2001 From: Nirmal Vadakke Palangatt Date: Thu, 27 Apr 2023 10:39:30 +0200 Subject: [PATCH 09/27] add back the logic to replace subnet associations --- controllers/chaosimpl/awsazchaos/subnetloss/loss.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go index 82ad0d53b1..54d066aaaa 100644 --- a/controllers/chaosimpl/awsazchaos/subnetloss/loss.go +++ b/controllers/chaosimpl/awsazchaos/subnetloss/loss.go 
@@ -62,11 +62,11 @@ func (a *AWSSubnetsLoss) Start(ctx context.Context, originalSubnetToACL map[stri for sID, aclID := range originalSubnetToACL { a.log.Info(fmt.Sprintf("replacing Network ACL %s of subnet %s with block-all ACL %s", aclID, sID, emptyAclId)) // Replace ACL and keep track of old association - /*if err := a.client.ReplaceNetworkAclForSubnet(ctx, sID, emptyAclId); err != nil { + if err := a.client.ReplaceNetworkAclForSubnet(ctx, sID, emptyAclId); err != nil { // Maybe do not clean up here and depend on the next apply run to take care of it a.attemptCleanUp(ctx, originalSubnetToACL, emptyAclId) return fmt.Errorf("error replacing Network ACL for subnet (%s): %w", sID, err) - }*/ + } } return nil @@ -95,9 +95,9 @@ func (a *AWSSubnetsLoss) cleanUp(ctx context.Context, associations map[string]st a.log.Info("restoring Network ACL associations") for subnetId, originalACLID := range associations { a.log.Info(fmt.Sprintf("restoring subnet (%s) to its original Network ACL (%s)", subnetId, originalACLID)) - /*if err := a.client.ReplaceNetworkAclForSubnet(ctx, subnetId, originalACLID); err != nil { + if err := a.client.ReplaceNetworkAclForSubnet(ctx, subnetId, originalACLID); err != nil { return err - }*/ + } } } From f2056bf9f9e3ed08b461e5154ebeb4925498a8d7 Mon Sep 17 00:00:00 2001 From: nirmal-vadakkepalangatt-form3 <104355070+nirmal-vadakkepalangatt-form3@users.noreply.github.com> Date: Tue, 2 May 2023 14:12:34 +0200 Subject: [PATCH 10/27] Add build info in readme --- README.md | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b392ca8226..5ce8d46d7b 100644 --- a/README.md +++ b/README.md 
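Review bot: In cleanUp (second hunk of loss.go) the re-enabled `return err` stops the restore loop at the first failing subnet, so every subnet later in the map iteration stays associated with the block-all ACL. Restoration is the safety path of this experiment and should be best-effort across all subnets: record the failure with `errs = append(errs, fmt.Errorf("restoring subnet %s: %w", subnetId, err))`, keep iterating, and return the combined error after the loop. Start's error path in the first hunk calls attemptCleanUp, which presumably reaches the same loop, so a partial failure during injection has the same exposure. Both function bodies extend outside the hunks, so what follows the loop is not visible here.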
@@ -36,6 +36,59 @@ See the following demo video for a quick view of Chaos Mesh: [![Watch the video](./static/demo.gif)](https://www.youtube.com/watch?v=ifZEwdJO868) +## Form3-specific instructions + +### Build CRDs + +After changing/adding a go struct that corresponds to a [CRD structure](https://github.com/form3tech/chaos-mesh/blob/nv-gk-az-loss/api/v1alpha1/awsazchaos_types.go) + +Run +```sh +make generate && make yaml +``` +This will create new CRDS for the new custom Chaos, and update existing schedules and workflows accordingly to accomodate the new custom chaos. + +### Build docker images and helm charts + +In order to build new docker images and helm charts containing your custom CRD (and its controller code) + +Run + +```sh +make all +# AWS_ACCOUNT_ID and region which hosts the ECR where you want to push the docker image to +AWS_ACCOUNT_ID="AWS_ACCOUNT_ID_HERE" +AWS_REGION="AWS_REGION_HERE" +TAG="YOUR_BUILD_TAG_HERE" + +# `make all` creates docker images with the latest tag and point to ghcr repo. 
We need to tag them properly to prepare the push to AMAZON ECR +docker tag ghcr.io/chaos-mesh/chaos-daemon:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/chaos-mesh/chaos-daemon:$TAG +docker tag ghcr.io/chaos-mesh/chaos-dashboard:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/chaos-mesh/chaos-dashboard:$TAG +docker tag ghcr.io/chaos-mesh/chaos-mesh:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/chaos-mesh/chaos-mesh:$TAG + +## Authenticate to the ECR docker repo using https://github.com/form3tech/docker-build-scripts/blob/master/scripts/docker-ecr-login.sh +docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/chaos-mesh/chaos-daemon:$TAG +docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/chaos-mesh/chaos-dashboard:$TAG +docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/chaos-mesh/chaos-mesh:$TAG + + +# package the helm charts +cd helm +helm package chaos-mesh --version $TAG --app-version $TAG + +## Authenticate to the ECR helm repo +ECR_URL= $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com +export HELM_EXPERIMENTAL_OCI=1;aws ecr get-login-password --region $(AWS_REGION) | \ +helm registry login --username AWS --password-stdin $(ECR_URL) + +# Push the chart +helm push chaos-mesh-$TAG.tgz oci://$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/charts.tech.form3/ +``` + + + + + ## Chaos Operator Chaos Operator injects chaos into the applications and Kubernetes infrastructure in a manageable way, which provides easy, custom definitions for chaos experiments and automatic orchestration. There are three components at play: @@ -160,4 +213,4 @@ Chaos Mesh is licensed under the Apache License, Version 2.0. See [LICENSE](./LI ## Trademark -Chaos Mesh is a trademark of The Linux Foundation. All rights reserved. +Chaos Mesh is a trademark of The Linux Foundation. All rights reserved. \ No newline at end of file From d65e3317811463e5a8b660b4b3896357c1024834 Mon Sep 17 00:00:00 2001 
From: Mike Tonks Date: Fri, 16 Jun 2023 12:09:15 +0100 Subject: [PATCH 11/27] feat: improve aws chaos, adding filters support Signed-off-by: Mike Tonks --- api/v1alpha1/awschaos_types.go | 27 ++++++- pkg/selector/aws/selector.go | 129 +++++++++++++++++++++++++++++- pkg/selector/aws/selector_test.go | 66 +++++++++++++++ 3 files changed, 217 insertions(+), 5 deletions(-) create mode 100644 pkg/selector/aws/selector_test.go diff --git a/api/v1alpha1/awschaos_types.go b/api/v1alpha1/awschaos_types.go index 09061517cd..b6a2efe5aa 100644 --- a/api/v1alpha1/awschaos_types.go +++ b/api/v1alpha1/awschaos_types.go 
@@ -105,12 +105,37 @@ type AWSSelector struct { // +ui:form:when=action=='detach-volume' // +optional DeviceName *string `json:"deviceName,omitempty" webhook:"AWSDeviceName,nilable"` + + // Filters defines the filters to pass to the AWS api to query the list of instances. + // Can be specified instead of Ec2Instance, in order to specify instances by tag or other attributes + // Any parameter supported by AWS DescribeInstances method can be used. + // For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filters []*AWSFilter `json:"filters,omitempty"` + + // Mode defines the mode to run chaos action. + // Used only if Filters is specified. + // Supported mode: one / all / fixed / fixed-percent / random-max-percent + // +kubebuilder:validation:Enum=one;all;fixed;fixed-percent;random-max-percent + Mode SelectorMode `json:"mode"` + + // Value is required when the mode is set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + // If `FixedMode`, provide an integer of pods to do chaos action. + // If `FixedPercentMode`, provide a number from 0-100 to specify the percent of pods the server can do chaos action. + // IF `RandomMaxPercentMode`, provide a number from 0-100 to specify the max percent of pods to do chaos action + // +optional + Value string `json:"value,omitempty"` +} + +type AWSFilter struct { + Name string `json:"name"` + Values []string `json:"values"` } func (obj *AWSChaos) GetSelectorSpecs() map[string]interface{} { - return map[string]interface{}{ + selectors := map[string]interface{}{ ".": &obj.Spec.AWSSelector, } + return selectors } func (selector *AWSSelector) Id() string { diff --git a/pkg/selector/aws/selector.go b/pkg/selector/aws/selector.go index aff7749540..c219994af9 100644 --- a/pkg/selector/aws/selector.go +++ b/pkg/selector/aws/selector.go 
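Review bot: `Mode` is declared with the tag `json:"mode"` and no `+optional` marker, so the generated CRDs later in this series add `mode` to `required` even though the comment says it is used only when Filters is set. Existing AWSChaos manifests that name a single Ec2Instance would then presumably be rejected; a `// +optional` marker with `json:"mode,omitempty"` keeps them valid. Filters is documented as an alternative to Ec2Instance, but nothing in this hunk rejects a selector that sets both or neither, so a webhook validation would make the intended target set explicit before any action runs. The Value comment still speaks of pods and should say instances. The AWSSelector struct starts outside the hunk.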
@@ -17,16 +17,137 @@ package aws import ( "context" + "fmt" + "github.com/aws/aws-sdk-go-v2/aws" + awscfg "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "github.com/chaos-mesh/chaos-mesh/pkg/selector/generic" ) -type SelectImpl struct{} +// EC2Client defines the minimum client interface required for this package +type EC2Client interface { + DescribeInstances(context.Context, *ec2.DescribeInstancesInput, ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) +} + +type SelectImpl struct { + e EC2Client +} func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSelector) ([]*v1alpha1.AWSSelector, error) { - return []*v1alpha1.AWSSelector{awsSelector}, nil + if len(awsSelector.Filters) == 0 { + return []*v1alpha1.AWSSelector{awsSelector}, nil + } + + instances := []*v1alpha1.AWSSelector{} + + // we have filters, so we should lookup the cloud resources + + // TODO: for now, lazy load the client if not set - I'm unsure how to pass it in the main application + if impl.e == nil { + ec2client, err := newEc2Client(ctx, awsSelector) + if err != nil { + return nil, fmt.Errorf("failed to create client: %w", err) + } + impl.e = ec2client + } + + result, err := impl.e.DescribeInstances(ctx, &ec2.DescribeInstancesInput{ + Filters: buildEc2Filters(awsSelector.Filters), + }) + if err != nil { + return instances, err + } + for _, r := range result.Reservations { + // Set the Ec2Instance, and copy over the other attributes, except the filter + instances = append(instances, &v1alpha1.AWSSelector{ + Ec2Instance: *r.Instances[0].InstanceId, + Endpoint: awsSelector.Endpoint, + AWSRegion: awsSelector.AWSRegion, + EbsVolume: awsSelector.EbsVolume, + DeviceName: awsSelector.DeviceName, + }) + } + mode := awsSelector.Mode + value := awsSelector.Value + + filteredInstances, err := filterInstancesByMode(instances, mode, 
value) + if err != nil { + return nil, err + } + + return filteredInstances, nil +} + +func New(e EC2Client) *SelectImpl { + return &SelectImpl{ + e: e, + } } -func New() *SelectImpl { - return &SelectImpl{} +func buildEc2Filters(filters []*v1alpha1.AWSFilter) []ec2types.Filter { + + ec2Filters := []ec2types.Filter{} + for _, filter := range filters { + ec2Filters = append(ec2Filters, ec2types.Filter{ + Name: aws.String(filter.Name), + Values: filter.Values, + }) + } + return ec2Filters +} + +func newEc2Client(ctx context.Context, awsSelector *v1alpha1.AWSSelector) (*ec2.Client, error) { + + opts := []func(*awscfg.LoadOptions) error{ + awscfg.WithRegion(awsSelector.AWSRegion), + } + + if awsSelector.Endpoint != nil { + opts = append(opts, awscfg.WithEndpointResolver(aws.EndpointResolverFunc(func(service, region string) (aws.Endpoint, error) { + return aws.Endpoint{URL: *awsSelector.Endpoint, SigningRegion: region}, nil + }))) + } + + // TODO: no access to secret here, need to solve this + // if awschaos.Spec.SecretName != nil { + // secret := &v1.Secret{} + // err := impl.Client.Get(ctx, types.NamespacedName{ + // Name: *awschaos.Spec.SecretName, + // Namespace: awschaos.Namespace, + // }, secret) + // if err != nil { + // impl.Log.Error(err, "fail to get cloud secret") + // return v1alpha1.NotInjected, err + // } + // opts = append(opts, awscfg.WithCredentialsProvider(credentials.NewStaticCredentialsProvider( + // string(secret.Data["aws_access_key_id"]), + // string(secret.Data["aws_secret_access_key"]), + // "", + // ))) + // } + + cfg, err := awscfg.LoadDefaultConfig(ctx, opts...) 
+ if err != nil { + return nil, err + } + return ec2.NewFromConfig(cfg), nil +} + +// filterPodsByMode filters pods by mode from pod list +func filterInstancesByMode(instances []*v1alpha1.AWSSelector, mode v1alpha1.SelectorMode, value string) ([]*v1alpha1.AWSSelector, error) { + indexes, err := generic.FilterObjectsByMode(mode, value, len(instances)) + if err != nil { + return nil, err + } + + var filtered []*v1alpha1.AWSSelector + + for _, index := range indexes { + index := index + filtered = append(filtered, instances[index]) + } + return filtered, nil } diff --git a/pkg/selector/aws/selector_test.go b/pkg/selector/aws/selector_test.go new file mode 100644 index 0000000000..67f05be354 --- /dev/null +++ b/pkg/selector/aws/selector_test.go 
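Review bot: The lazily created client in Select is stored on the SelectImpl (`impl.e = ec2client`), so it keeps the region and endpoint of whichever selector arrived first. If the SelectImpl is shared, as `New` suggests, a later AWSChaos for another region has its filters resolved against the wrong region, and the unsynchronised write is a data race under concurrent reconciles. Build the client per call when none was injected instead of caching it. The result loop also reads only `r.Instances[0]`, which skips further instances in a reservation and panics on an empty reservation or a nil InstanceId. Note too that `NextToken` is not followed and the lookup runs with the controller's default credentials rather than the experiment's secret (the TODO acknowledges this), so the enumerated targets may be truncated or come from a different identity than the one that performs the action.

```go
	// … unchanged: early return when no filters are set …
	client := impl.e
	if client == nil {
		// Build a client for this selector only; region and endpoint
		// differ between selectors, so it must not be stored on impl.
		c, err := newEc2Client(ctx, awsSelector)
		if err != nil {
			return nil, fmt.Errorf("failed to create client: %w", err)
		}
		client = c
	}
	// … DescribeInstances call and error check as before, on client instead of impl.e …
	for _, r := range result.Reservations {
		for _, inst := range r.Instances {
			if inst.InstanceId == nil {
				continue
			}
			instances = append(instances, &v1alpha1.AWSSelector{
				Ec2Instance: *inst.InstanceId,
				// … unchanged: Endpoint, AWSRegion, EbsVolume, DeviceName copied from awsSelector …
			})
		}
	}
```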
@@ -0,0 +1,66 @@ +package aws_test + +import ( + "context" + "testing" + + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/smithy-go/ptr" + "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "github.com/chaos-mesh/chaos-mesh/pkg/selector" + "github.com/chaos-mesh/chaos-mesh/pkg/selector/aws" + "github.com/stretchr/testify/require" +) + +type StubClient struct { + Input *ec2.DescribeInstancesInput + Output *ec2.DescribeInstancesOutput +} + +func (s StubClient) DescribeInstances(ctx context.Context, in *ec2.DescribeInstancesInput, opt ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) { + s.Input = in + return s.Output, nil +} +func TestSelect(t *testing.T) { + ctx := context.Background() + + sel := &v1alpha1.AWSSelector{ + Filters: []*v1alpha1.AWSFilter{{ + Name: "tag:Stack", + Values: []string{"staging"}, + }}, + Mode: v1alpha1.OneMode, + } + + ec2Client := StubClient{ + Output: &ec2.DescribeInstancesOutput{ + Reservations: []ec2types.Reservation{{ + Instances: []ec2types.Instance{{ + InstanceId: ptr.String("1111"), + }}}, { + Instances: []ec2types.Instance{{ + InstanceId: ptr.String("2222"), + }}}, { + Instances: []ec2types.Instance{{ + InstanceId: ptr.String("3333"), + }}, + }}, + }, + } + s := selector.New( + selector.SelectorParams{ + AWSSelector: aws.New(ec2Client), + }) + + result, err := s.Select(ctx, sel) + + require.NoError(t, err) + require.NotNil(t, result) + + require.Len(t, result, 1) + require.Subset(t, + []string{"1111", "2222", "3333"}, + []string{result[0].(*v1alpha1.AWSSelector).Ec2Instance}, + ) +} From 115f9a21205e78e34562ddcf9f5de42ff67453df Mon Sep 17 00:00:00 2001 From: Mike Tonks Date: Fri, 16 Jun 2023 17:40:03 +0100 Subject: [PATCH 12/27] chore: adding generated files 
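Review bot: StubClient.DescribeInstances has a value receiver, so `s.Input = in` writes to a copy and the captured request is discarded; TestSelect therefore never checks that the selector's Filters reach DescribeInstances. Use a pointer receiver, `func (s *StubClient) DescribeInstances(...)`, pass `&ec2Client` to `aws.New`, and assert on the captured input, e.g. `require.Equal(t, "tag:Stack", *ec2Client.Input.Filters[0].Name)`. Every stubbed reservation holds exactly one instance, so the test also cannot catch instances being dropped from a multi-instance reservation; adding one reservation with two instances and a case with `Mode: v1alpha1.AllMode` would cover that.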
Signed-off-by: Mike Tonks --- api/v1alpha1/zz_generated.deepcopy.go | 31 ++ config/crd/bases/chaos-mesh.org_awschaos.yaml | 39 ++ .../crd/bases/chaos-mesh.org_schedules.yaml | 124 ++++++ .../bases/chaos-mesh.org_workflownodes.yaml | 167 +++++++ .../crd/bases/chaos-mesh.org_workflows.yaml | 83 ++++ go.mod | 2 +- .../crds/chaos-mesh.org_awschaos.yaml | 39 ++ .../crds/chaos-mesh.org_schedules.yaml | 124 ++++++ .../crds/chaos-mesh.org_workflownodes.yaml | 167 +++++++ .../crds/chaos-mesh.org_workflows.yaml | 83 ++++ manifests/crd.yaml | 413 ++++++++++++++++++ pkg/ctrl/server/generated/generated.go | 7 +- pkg/ctrl/server/model/models_gen.go | 3 +- pkg/ctrl/server/schema.resolvers.go | 9 +- pkg/dashboard/swaggerdocs/docs.go | 29 ++ pkg/dashboard/swaggerdocs/swagger.json | 29 ++ pkg/dashboard/swaggerdocs/swagger.yaml | 33 ++ pkg/mock/mock.go | 4 +- pkg/selector/aws/selector.go | 2 +- pkg/selector/aws/selector_test.go | 16 + 20 files changed, 1389 insertions(+), 15 deletions(-) diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 83804288d3..4a78bcde63 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
@@ -128,6 +128,26 @@ func (in *AWSChaosStatus) DeepCopy() *AWSChaosStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSFilter) DeepCopyInto(out *AWSFilter) { + *out = *in + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSFilter. +func (in *AWSFilter) DeepCopy() *AWSFilter { + if in == nil { + return nil + } + out := new(AWSFilter) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSSelector) DeepCopyInto(out *AWSSelector) { *out = *in @@ -146,6 +166,17 @@ func (in *AWSSelector) DeepCopyInto(out *AWSSelector) { *out = new(string) **out = **in } + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = make([]*AWSFilter, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(AWSFilter) + (*in).DeepCopyInto(*out) + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSSelector. diff --git a/config/crd/bases/chaos-mesh.org_awschaos.yaml b/config/crd/bases/chaos-mesh.org_awschaos.yaml index bd2647363d..4ec8d929c6 100644 --- a/config/crd/bases/chaos-mesh.org_awschaos.yaml +++ b/config/crd/bases/chaos-mesh.org_awschaos.yaml 
@@ -68,6 +68,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api to + query the list of instances. Can be specified instead of Ec2Instance, + in order to specify instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. For details + see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used only + if Filters is specified. Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -75,6 +105,14 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide + an integer of pods to do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide a number from + 0-100 to specify the max percent of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -83,6 +121,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object status: description: AWSChaosStatus represents the status of an AWSChaos diff --git a/config/crd/bases/chaos-mesh.org_schedules.yaml b/config/crd/bases/chaos-mesh.org_schedules.yaml index 4484488d9b..8888f32950 100644 
--- a/config/crd/bases/chaos-mesh.org_schedules.yaml +++ b/config/crd/bases/chaos-mesh.org_schedules.yaml @@ -66,6 +66,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api + to query the list of instances. Can be specified instead of + Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can + be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all / fixed + / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -73,6 +103,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -81,6 +120,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification for 
@@ -3309,6 +3349,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to + the AWS api to query the list of instances. Can be + specified instead of Ec2Instance, in order to specify + instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: + one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -3317,6 +3388,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set + to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos + action. If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of + pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -3325,6 +3406,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification 
@@ -6402,6 +6484,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass + to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order + to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -6410,6 +6523,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -6418,6 +6541,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification diff --git a/config/crd/bases/chaos-mesh.org_workflownodes.yaml b/config/crd/bases/chaos-mesh.org_workflownodes.yaml index 78b5f9fdca..a1f631af19 100644 
--- a/config/crd/bases/chaos-mesh.org_workflownodes.yaml +++ b/config/crd/bases/chaos-mesh.org_workflownodes.yaml @@ -72,6 +72,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api + to query the list of instances. Can be specified instead of + Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can + be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all / fixed + / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -79,6 +109,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -87,6 +126,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification for 
@@ -2964,6 +3004,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS + api to query the list of instances. Can be specified instead + of Ec2Instance, in order to specify instances by tag or + other attributes Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all + / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -2971,6 +3041,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods + the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to + do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -2979,6 +3058,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification 
@@ -6277,6 +6357,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass + to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order + to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -6285,6 +6396,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -6293,6 +6414,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification 
@@ -9465,6 +9587,39 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to + pass to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in + order to specify instances by tag or other + attributes Any parameter supported by AWS + DescribeInstances method can be used. For + details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. + Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -9473,6 +9628,17 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode + is set to `FixedMode` / `FixedPercentMode` + / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. + If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server + can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -9481,6 +9647,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the diff --git a/config/crd/bases/chaos-mesh.org_workflows.yaml b/config/crd/bases/chaos-mesh.org_workflows.yaml index acca343164..bc0c13e953 100644 
--- a/config/crd/bases/chaos-mesh.org_workflows.yaml +++ b/config/crd/bases/chaos-mesh.org_workflows.yaml @@ -78,6 +78,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the + AWS api to query the list of instances. Can be specified + instead of Ec2Instance, in order to specify instances + by tag or other attributes Any parameter supported by + AWS DescribeInstances method can be used. For details + see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: one + / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -85,6 +116,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods + to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -93,6 +133,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification 
@@ -3082,6 +3123,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to + the AWS api to query the list of instances. Can be + specified instead of Ec2Instance, in order to specify + instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: + one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -3090,6 +3162,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set + to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos + action. If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of + pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -3098,6 +3180,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification diff --git a/go.mod b/go.mod index f583732b10..b62b78da52 100644 --- a/go.mod +++ b/go.mod 
@@ -15,6 +15,7 @@ require ( github.com/aws/aws-sdk-go-v2/config v1.1.1 github.com/aws/aws-sdk-go-v2/credentials v1.1.1 github.com/aws/aws-sdk-go-v2/service/ec2 v1.5.0 + github.com/aws/smithy-go v1.3.1 github.com/bxcodec/faker v2.0.1+incompatible github.com/chaos-mesh/chaos-driver v0.2.1 github.com/chaos-mesh/chaos-mesh/api v0.0.0 @@ -116,7 +117,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.6 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.1.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.1.1 // indirect - github.com/aws/smithy-go v1.3.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bytedance/sonic v1.9.1 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml index bd2647363d..4ec8d929c6 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml 
@@ -68,6 +68,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api to + query the list of instances. Can be specified instead of Ec2Instance, + in order to specify instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. For details + see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used only + if Filters is specified. Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -75,6 +105,14 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide + an integer of pods to do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide a number from + 0-100 to specify the max percent of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -83,6 +121,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object status: description: AWSChaosStatus represents the status of an AWSChaos diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml index 4484488d9b..8888f32950 100644 
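Review bot: The `value` description in the `@@ -75,6 +105,14 @@` hunk speaks of "pods" throughout, but this selector picks EC2 instances through `filters`, so an operator cannot tell from the schema how many instances a `fixed` or `fixed-percent` run will touch. The schema also sets no minimum length on `filters` or on each filter's `values`, and `mode: all` then applies the action to whatever the query returns; how an empty filter behaves is not visible here, so it is worth pinning down. I would reword the field comment to say "instances" and add `// +kubebuilder:validation:MinItems=1` on the filter list and on `values` in the Go type these CRDs are presumably generated from, so the affected set is always bounded by an explicit filter.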
--- a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml @@ -66,6 +66,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api + to query the list of instances. Can be specified instead of + Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can + be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all / fixed + / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -73,6 +103,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -81,6 +120,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification for 
@@ -3309,6 +3349,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to + the AWS api to query the list of instances. Can be + specified instead of Ec2Instance, in order to specify + instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: + one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -3317,6 +3388,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set + to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos + action. If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of + pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -3325,6 +3406,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification 
@@ -6402,6 +6484,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass + to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order + to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -6410,6 +6523,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -6418,6 +6541,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification 
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml index 78b5f9fdca..a1f631af19 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml @@ -72,6 +72,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api + to query the list of instances. Can be specified instead of + Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can + be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all / fixed + / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -79,6 +109,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -87,6 +126,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification for @@ -2964,6 +3004,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS + api to query the list of instances. Can be specified instead + of Ec2Instance, in order to specify instances by tag or + other attributes Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all + / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -2971,6 +3041,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods + the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to + do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -2979,6 +3058,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -6277,6 +6357,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass + to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order + to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -6285,6 +6396,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -6293,6 +6414,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -9465,6 +9587,39 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to + pass to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in + order to specify instances by tag or other + attributes Any parameter supported by AWS + DescribeInstances method can be used. For + details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. + Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -9473,6 +9628,17 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode + is set to `FixedMode` / `FixedPercentMode` + / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. + If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server + can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. @@ -9481,6 +9647,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the 
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml index acca343164..bc0c13e953 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml @@ -78,6 +78,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the + AWS api to query the list of instances. Can be specified + instead of Ec2Instance, in order to specify instances + by tag or other attributes Any parameter supported by + AWS DescribeInstances method can be used. For details + see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: one + / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -85,6 +116,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods + to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -93,6 +133,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -3082,6 +3123,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to + the AWS api to query the list of instances. Can be + specified instead of Ec2Instance, in order to specify + instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: + one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -3090,6 +3162,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set + to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos + action. If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of + pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -3098,6 +3180,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 5ed11c5be3..88296aea38 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -66,6 +66,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api to + query the list of instances. Can be specified instead of Ec2Instance, + in order to specify instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. For details + see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used only + if Filters is specified. Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -73,6 +103,14 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide + an integer of pods to do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide a number from + 0-100 to specify the max percent of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -81,6 +119,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object status: description: AWSChaosStatus represents the status of an AWSChaos @@ -5430,6 +5469,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api + to query the list of instances. Can be specified instead of + Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can + be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all / fixed + / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -5437,6 +5506,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -5445,6 +5523,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification for @@ -8673,6 +8752,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to + the AWS api to query the list of instances. Can be + specified instead of Ec2Instance, in order to specify + instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: + one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -8681,6 +8791,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set + to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos + action. If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of + pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -8689,6 +8809,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -11766,6 +11887,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass + to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order + to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -11774,6 +11926,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -11782,6 +11944,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -19942,6 +20105,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS api + to query the list of instances. Can be specified instead of + Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can + be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all / fixed + / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -19949,6 +20142,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -19957,6 +20159,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification for @@ -22834,6 +23037,36 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the AWS + api to query the list of instances. Can be specified instead + of Ec2Instance, in order to specify instances by tag or + other attributes Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. Used + only if Filters is specified. Supported mode: one / all + / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -22841,6 +23074,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods + the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to + do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -22849,6 +23091,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -26147,6 +26390,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass + to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order + to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances + method can be used. For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -26155,6 +26429,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -26163,6 +26447,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -29335,6 +29620,39 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to + pass to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in + order to specify instances by tag or other + attributes Any parameter supported by AWS + DescribeInstances method can be used. For + details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos + action. Used only if Filters is specified. + Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -29343,6 +29661,17 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode + is set to `FixedMode` / `FixedPercentMode` + / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. + If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server + can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -29351,6 +29680,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the @@ -40345,6 +40675,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to the + AWS api to query the list of instances. Can be specified + instead of Ec2Instance, in order to specify instances + by tag or other attributes Any parameter supported by + AWS DescribeInstances method can be used. For details + see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: one + / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -40352,6 +40713,15 @@ spec: secretName: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods + to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -40360,6 +40730,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification @@ -43349,6 +43720,37 @@ spec: description: Endpoint indicates the endpoint of the aws server. Just used it in test now. type: string + filters: + description: 'Filters defines the filters to pass to + the AWS api to query the list of instances. Can be + specified instead of Ec2Instance, in order to specify + instances by tag or other attributes Any parameter + supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html' + items: + properties: + name: + type: string + values: + items: + type: string + type: array + required: + - name + - values + type: object + type: array + mode: + description: 'Mode defines the mode to run chaos action. + Used only if Filters is specified. Supported mode: + one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string remoteCluster: description: RemoteCluster represents the remote cluster where the chaos will be deployed @@ -43357,6 +43759,16 @@ spec: description: SecretName defines the name of kubernetes secret. type: string + value: + description: Value is required when the mode is set + to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos + action. If `FixedPercentMode`, provide a number from + 0-100 to specify the percent of pods the server can + do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of + pods to do chaos action + type: string volumeID: description: EbsVolume indicates the ID of the EBS volume. Needed in detach-volume. 
@@ -43365,6 +43777,7 @@ spec: - action - awsRegion - ec2Instance + - mode type: object azureChaos: description: AzureChaosSpec is the content of the specification diff --git a/pkg/ctrl/server/generated/generated.go b/pkg/ctrl/server/generated/generated.go index 5c858abc1f..f090020243 100644 --- a/pkg/ctrl/server/generated/generated.go +++ b/pkg/ctrl/server/generated/generated.go @@ -14,13 +14,12 @@ import ( "github.com/99designs/gqlgen/graphql" "github.com/99designs/gqlgen/graphql/introspection" + "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/model" gqlparser "github.com/vektah/gqlparser/v2" "github.com/vektah/gqlparser/v2/ast" - v1 "k8s.io/api/core/v1" + "k8s.io/api/core/v1" v11 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" - "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/model" ) // region ************************** generated!.gotpl ************************** diff --git a/pkg/ctrl/server/model/models_gen.go b/pkg/ctrl/server/model/models_gen.go index deeb57aebd..24fbd67f5a 100644 --- a/pkg/ctrl/server/model/models_gen.go +++ b/pkg/ctrl/server/model/models_gen.go @@ -7,9 +7,8 @@ import ( "io" "strconv" - v1 "k8s.io/api/core/v1" - "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "k8s.io/api/core/v1" ) type Cgroups struct { diff --git a/pkg/ctrl/server/schema.resolvers.go b/pkg/ctrl/server/schema.resolvers.go index 3bd2f6d4ef..94a35178b3 100644 --- a/pkg/ctrl/server/schema.resolvers.go +++ b/pkg/ctrl/server/schema.resolvers.go 
@@ -12,15 +12,14 @@ import ( "io" "time" - v1 "k8s.io/api/core/v1" - v11 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/generated" "github.com/chaos-mesh/chaos-mesh/pkg/ctrl/server/model" podSelector "github.com/chaos-mesh/chaos-mesh/pkg/selector/pod" + "k8s.io/api/core/v1" + v11 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" ) func (r *attrOverrideSpecResolver) Ino(ctx context.Context, obj *v1alpha1.AttrOverrideSpec) (*int, error) { diff --git a/pkg/dashboard/swaggerdocs/docs.go b/pkg/dashboard/swaggerdocs/docs.go index 3ac4d88c01..6aa6bf7676 100644 --- a/pkg/dashboard/swaggerdocs/docs.go +++ b/pkg/dashboard/swaggerdocs/docs.go @@ -4887,6 +4887,17 @@ const docTemplate = `{ "description": "Endpoint indicates the endpoint of the aws server. Just used it in test now.\n+ui:form:ignore\n+optional", "type": "string" }, + "filters": { + "description": "Filters defines the filters to pass to the AWS api to query the list of instances.\nCan be specified instead of Ec2Instance, in order to specify instances by tag or other attributes\nAny parameter supported by AWS DescribeInstances method can be used.\nFor details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html", + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1.AWSFilter" + } + }, + "mode": { + "description": "Mode defines the mode to run chaos action.\nUsed only if Filters is specified.\nSupported mode: one / all / fixed / fixed-percent / random-max-percent\n+kubebuilder:validation:Enum=one;all;fixed;fixed-percent;random-max-percent", + "type": "string" + }, "remoteCluster": { "description": "RemoteCluster represents the remote cluster where the chaos will be deployed\n+optional", "type": "string" 
@@ -4895,12 +4906,30 @@ const docTemplate = `{ "description": "SecretName defines the name of kubernetes secret.\n+optional", "type": "string" }, + "value": { + "description": "Value is required when the mode is set to ` + "`" + `FixedMode` + "`" + ` / ` + "`" + `FixedPercentMode` + "`" + ` / ` + "`" + `RandomMaxPercentMode` + "`" + `.\nIf ` + "`" + `FixedMode` + "`" + `, provide an integer of pods to do chaos action.\nIf ` + "`" + `FixedPercentMode` + "`" + `, provide a number from 0-100 to specify the percent of pods the server can do chaos action.\nIF ` + "`" + `RandomMaxPercentMode` + "`" + `, provide a number from 0-100 to specify the max percent of pods to do chaos action\n+optional", + "type": "string" + }, "volumeID": { "description": "EbsVolume indicates the ID of the EBS volume.\nNeeded in detach-volume.\n+ui:form:when=action=='detach-volume'\n+optional", "type": "string" } } }, + "v1alpha1.AWSFilter": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "v1alpha1.AttrOverrideSpec": { "type": "object", "properties": { diff --git a/pkg/dashboard/swaggerdocs/swagger.json b/pkg/dashboard/swaggerdocs/swagger.json index 54ea4c803a..9ae74675dc 100644 --- a/pkg/dashboard/swaggerdocs/swagger.json +++ b/pkg/dashboard/swaggerdocs/swagger.json 
@@ -4879,6 +4879,17 @@ "description": "Endpoint indicates the endpoint of the aws server. Just used it in test now.\n+ui:form:ignore\n+optional", "type": "string" }, + "filters": { + "description": "Filters defines the filters to pass to the AWS api to query the list of instances.\nCan be specified instead of Ec2Instance, in order to specify instances by tag or other attributes\nAny parameter supported by AWS DescribeInstances method can be used.\nFor details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html", + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1.AWSFilter" + } + }, + "mode": { + "description": "Mode defines the mode to run chaos action.\nUsed only if Filters is specified.\nSupported mode: one / all / fixed / fixed-percent / random-max-percent\n+kubebuilder:validation:Enum=one;all;fixed;fixed-percent;random-max-percent", + "type": "string" + }, "remoteCluster": { "description": "RemoteCluster represents the remote cluster where the chaos will be deployed\n+optional", "type": "string" 
@@ -4887,12 +4898,30 @@ "description": "SecretName defines the name of kubernetes secret.\n+optional", "type": "string" }, + "value": { + "description": "Value is required when the mode is set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.\nIf `FixedMode`, provide an integer of pods to do chaos action.\nIf `FixedPercentMode`, provide a number from 0-100 to specify the percent of pods the server can do chaos action.\nIF `RandomMaxPercentMode`, provide a number from 0-100 to specify the max percent of pods to do chaos action\n+optional", + "type": "string" + }, "volumeID": { "description": "EbsVolume indicates the ID of the EBS volume.\nNeeded in detach-volume.\n+ui:form:when=action=='detach-volume'\n+optional", "type": "string" } } }, + "v1alpha1.AWSFilter": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "v1alpha1.AttrOverrideSpec": { "type": "object", "properties": { diff --git a/pkg/dashboard/swaggerdocs/swagger.yaml b/pkg/dashboard/swaggerdocs/swagger.yaml index 4cda2cfe9b..7c9d392d58 100644 --- a/pkg/dashboard/swaggerdocs/swagger.yaml +++ b/pkg/dashboard/swaggerdocs/swagger.yaml 
@@ -3111,6 +3111,22 @@ definitions: +ui:form:ignore +optional type: string + filters: + description: |- + Filters defines the filters to pass to the AWS api to query the list of instances. + Can be specified instead of Ec2Instance, in order to specify instances by tag or other attributes + Any parameter supported by AWS DescribeInstances method can be used. + For details see: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + items: + $ref: '#/definitions/v1alpha1.AWSFilter' + type: array + mode: + description: |- + Mode defines the mode to run chaos action. + Used only if Filters is specified. + Supported mode: one / all / fixed / fixed-percent / random-max-percent + +kubebuilder:validation:Enum=one;all;fixed;fixed-percent;random-max-percent + type: string remoteCluster: description: |- RemoteCluster represents the remote cluster where the chaos will be deployed @@ -3121,6 +3137,14 @@ definitions: SecretName defines the name of kubernetes secret. +optional type: string + value: + description: |- + Value is required when the mode is set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to do chaos action. + If `FixedPercentMode`, provide a number from 0-100 to specify the percent of pods the server can do chaos action. + IF `RandomMaxPercentMode`, provide a number from 0-100 to specify the max percent of pods to do chaos action + +optional + type: string volumeID: description: |- EbsVolume indicates the ID of the EBS volume. @@ -3129,6 +3153,15 @@ definitions: +optional type: string type: object + v1alpha1.AWSFilter: + properties: + name: + type: string + values: + items: + type: string + type: array + type: object v1alpha1.AttrOverrideSpec: properties: atime: diff --git a/pkg/mock/mock.go b/pkg/mock/mock.go index 5721dbd3b3..c0d97cb5e0 100755 --- a/pkg/mock/mock.go +++ b/pkg/mock/mock.go 
@@ -57,9 +57,9 @@ var points = mockPoints{m: make(map[string]interface{})} // On inject a failpoint func On(fpname string) interface{} { var ret interface{} - failpoint.Inject(fpname, func() { + if _, ok := failpoint.Eval(_curpkg_(fpname)); ok { ret = points.get(fpname) - }) + } return ret } diff --git a/pkg/selector/aws/selector.go b/pkg/selector/aws/selector.go index c219994af9..33c3f17c31 100644 --- a/pkg/selector/aws/selector.go +++ b/pkg/selector/aws/selector.go @@ -136,7 +136,7 @@ func newEc2Client(ctx context.Context, awsSelector *v1alpha1.AWSSelector) (*ec2. return ec2.NewFromConfig(cfg), nil } -// filterPodsByMode filters pods by mode from pod list +// filterInstancesByMode filters instances by mode from a list func filterInstancesByMode(instances []*v1alpha1.AWSSelector, mode v1alpha1.SelectorMode, value string) ([]*v1alpha1.AWSSelector, error) { indexes, err := generic.FilterObjectsByMode(mode, value, len(instances)) if err != nil { diff --git a/pkg/selector/aws/selector_test.go b/pkg/selector/aws/selector_test.go index 67f05be354..af38f0566e 100644 --- a/pkg/selector/aws/selector_test.go +++ b/pkg/selector/aws/selector_test.go @@ -1,3 +1,18 @@ +// Copyright 2021 Chaos Mesh Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + package aws_test import ( 
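Review bot: In `On` (pkg/mock/mock.go hunk), the new `if _, ok := failpoint.Eval(_curpkg_(fpname)); ok {` looks like the output of a failpoint code-rewrite step rather than the marker form that belongs in version control. `_curpkg_` is not defined in any hunk shown, so unless its generated binding file is committed as well the package will not compile. With the rewritten form checked in, the failpoint is also evaluated in every build instead of only in test builds. I would restore the original `failpoint.Inject(fpname, func() {` … `})` lines and revert the rewrite before committing.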
@@ -13,6 +28,7 @@ import ( "github.com/stretchr/testify/require" ) +// StubClient implements the interface type StubClient struct { Input *ec2.DescribeInstancesInput Output *ec2.DescribeInstancesOutput From 147057d441227b8e7327236154be3fb0334345c1 Mon Sep 17 00:00:00 2001 From: Mike Tonks Date: Sat, 17 Jun 2023 12:15:12 +0100 Subject: [PATCH 13/27] fix: test fail. tidy up. Signed-off-by: Mike Tonks --- api/v1alpha1/awschaos_types.go | 3 +- api/v1alpha1/awschaos_types_test.go | 1 + pkg/selector/aws/selector.go | 14 ++++----- pkg/selector/aws/selector_test.go | 44 +++++++++++++++++++---------- 4 files changed, 37 insertions(+), 25 deletions(-) diff --git a/api/v1alpha1/awschaos_types.go b/api/v1alpha1/awschaos_types.go index b6a2efe5aa..f963a35bf0 100644 --- a/api/v1alpha1/awschaos_types.go +++ b/api/v1alpha1/awschaos_types.go @@ -132,10 +132,9 @@ type AWSFilter struct { } func (obj *AWSChaos) GetSelectorSpecs() map[string]interface{} { - selectors := map[string]interface{}{ + return map[string]interface{}{ ".": &obj.Spec.AWSSelector, } - return selectors } func (selector *AWSSelector) Id() string { diff --git a/api/v1alpha1/awschaos_types_test.go b/api/v1alpha1/awschaos_types_test.go index 3188cdaf90..ad99d8aa94 100644 --- a/api/v1alpha1/awschaos_types_test.go +++ b/api/v1alpha1/awschaos_types_test.go @@ -59,6 +59,7 @@ var _ = Describe("AWSChaos", func() { Action: Ec2Stop, AWSSelector: AWSSelector{ Ec2Instance: testInstance, + Mode: OneMode, }, SecretName: &testSecretName, }, diff --git a/pkg/selector/aws/selector.go b/pkg/selector/aws/selector.go index 33c3f17c31..b741d60457 100644 --- a/pkg/selector/aws/selector.go +++ b/pkg/selector/aws/selector.go @@ -33,7 +33,7 @@ type EC2Client interface { } type SelectImpl struct { - e EC2Client + EC2Client EC2Client } func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSelector) ([]*v1alpha1.AWSSelector, error) { 
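Review bot: Having to add `Mode: OneMode` to a spec that names a single `Ec2Instance` (api/v1alpha1/awschaos_types_test.go hunk) suggests `mode` is now mandatory for every AWSChaos. That matches the CRD hunks earlier in this series, which append `mode` to `required` while describing it as "Used only if Filters is specified". Existing manifests that set only `ec2Instance` would then be rejected after an upgrade, and `ec2Instance` itself stays required although `filters` is documented as an alternative to it. The field declaration is outside the hunks shown; if this reading is right, I would mark it `// +optional` with `json:"mode,omitempty"` and enforce "mode is required when filters is set" in validation instead.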
@@ -46,15 +46,15 @@ func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSel // we have filters, so we should lookup the cloud resources // TODO: for now, lazy load the client if not set - I'm unsure how to pass it in the main application - if impl.e == nil { + if impl.EC2Client == nil { ec2client, err := newEc2Client(ctx, awsSelector) if err != nil { return nil, fmt.Errorf("failed to create client: %w", err) } - impl.e = ec2client + impl.EC2Client = ec2client } - result, err := impl.e.DescribeInstances(ctx, &ec2.DescribeInstancesInput{ + result, err := impl.EC2Client.DescribeInstances(ctx, &ec2.DescribeInstancesInput{ Filters: buildEc2Filters(awsSelector.Filters), }) if err != nil { @@ -81,10 +81,8 @@ func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSel return filteredInstances, nil } -func New(e EC2Client) *SelectImpl { - return &SelectImpl{ - e: e, - } +func New() *SelectImpl { + return &SelectImpl{} } func buildEc2Filters(filters []*v1alpha1.AWSFilter) []ec2types.Filter { diff --git a/pkg/selector/aws/selector_test.go b/pkg/selector/aws/selector_test.go index af38f0566e..b91a389be0 100644 --- a/pkg/selector/aws/selector_test.go +++ b/pkg/selector/aws/selector_test.go @@ -35,9 +35,12 @@ type StubClient struct { } func (s StubClient) DescribeInstances(ctx context.Context, in *ec2.DescribeInstancesInput, opt ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) { - s.Input = in + if s.Input != nil { + *s.Input = *in + } return s.Output, nil } + func TestSelect(t *testing.T) { ctx := context.Background() 
@@ -50,23 +53,14 @@ func TestSelect(t *testing.T) { } ec2Client := StubClient{ - Output: &ec2.DescribeInstancesOutput{ - Reservations: []ec2types.Reservation{{ - Instances: []ec2types.Instance{{ - InstanceId: ptr.String("1111"), - }}}, { - Instances: []ec2types.Instance{{ - InstanceId: ptr.String("2222"), - }}}, { - Instances: []ec2types.Instance{{ - InstanceId: ptr.String("3333"), - }}, - }}, - }, + Input: &ec2.DescribeInstancesInput{}, + Output: buildInstancesOutput("1111", "2222", "3333"), } s := selector.New( selector.SelectorParams{ - AWSSelector: aws.New(ec2Client), + AWSSelector: &aws.SelectImpl{ + EC2Client: ec2Client, + }, }) result, err := s.Select(ctx, sel) @@ -79,4 +73,24 @@ func TestSelect(t *testing.T) { []string{"1111", "2222", "3333"}, []string{result[0].(*v1alpha1.AWSSelector).Ec2Instance}, ) + require.Equal(t, &ec2.DescribeInstancesInput{ + Filters: []ec2types.Filter{{ + Name: ptr.String("tag:Stack"), + Values: []string{"staging"}, + }}, + }, ec2Client.Input) +} + +func buildInstancesOutput(instanceIDs ...string) *ec2.DescribeInstancesOutput { + reservations := []ec2types.Reservation{} + + for _, instanceID := range instanceIDs { + reservations = append(reservations, ec2types.Reservation{ + Instances: []ec2types.Instance{{ + InstanceId: &instanceID, + }}, + }) + } + + return &ec2.DescribeInstancesOutput{Reservations: reservations} } From 8945d8308188c90f4e0ec56847775ab7aa3d3296 Mon Sep 17 00:00:00 2001 From: Mike Tonks Date: Mon, 19 Jun 2023 11:31:01 +0100 Subject: [PATCH 14/27] chore: use mock package for test client. Move secret into selector Signed-off-by: Mike Tonks --- api/v1alpha1/awschaos_types.go | 8 ++-- api/v1alpha1/awschaos_types_test.go | 2 +- api/v1alpha1/zz_generated.deepcopy.go | 10 ++--- pkg/selector/aws/selector.go | 56 +++++++++++++++++---------- pkg/selector/aws/selector_test.go | 11 +++--- 5 files changed, 51 insertions(+), 36 deletions(-) 
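Review bot: `buildInstancesOutput` stores `&instanceID`, the address of the range variable, in every reservation it builds. On a toolchain older than Go 1.22 (the module's Go version is not visible here) all three entries alias the same variable and read "3333", and the existing assertion on `result[0]` alone would not notice. The file already uses `ptr.String` for the filter name, so `InstanceId: ptr.String(instanceID),` removes the aliasing on any Go version. Asserting on the full set of returned IDs would let the test catch a regression here.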
diff --git a/api/v1alpha1/awschaos_types.go b/api/v1alpha1/awschaos_types.go index f963a35bf0..5be450cdd8 100644 --- a/api/v1alpha1/awschaos_types.go +++ b/api/v1alpha1/awschaos_types.go @@ -63,10 +63,6 @@ type AWSChaosSpec struct { // +optional Duration *string `json:"duration,omitempty" webhook:"Duration"` - // SecretName defines the name of kubernetes secret. - // +optional - SecretName *string `json:"secretName,omitempty" webhook:",nilable"` - AWSSelector `json:",inline"` // RemoteCluster represents the remote cluster where the chaos will be deployed @@ -91,6 +87,10 @@ type AWSSelector struct { // AWSRegion defines the region of aws. AWSRegion string `json:"awsRegion"` + // SecretName defines the name of kubernetes secret. + // +optional + SecretName *string `json:"secretName,omitempty" webhook:",nilable"` + // Ec2Instance indicates the ID of the ec2 instance. Ec2Instance string `json:"ec2Instance"` diff --git a/api/v1alpha1/awschaos_types_test.go b/api/v1alpha1/awschaos_types_test.go index ad99d8aa94..d382b55802 100644 --- a/api/v1alpha1/awschaos_types_test.go +++ b/api/v1alpha1/awschaos_types_test.go @@ -58,10 +58,10 @@ var _ = Describe("AWSChaos", func() { Spec: AWSChaosSpec{ Action: Ec2Stop, AWSSelector: AWSSelector{ + SecretName: &testSecretName, Ec2Instance: testInstance, Mode: OneMode, }, - SecretName: &testSecretName, }, } diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 4a78bcde63..27f72d2faf 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -94,11 +94,6 @@ func (in *AWSChaosSpec) DeepCopyInto(out *AWSChaosSpec) { *out = new(string) **out = **in } - if in.SecretName != nil { - in, out := &in.SecretName, &out.SecretName - *out = new(string) - **out = **in - } in.AWSSelector.DeepCopyInto(&out.AWSSelector) } 
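Review bot: With `SecretName` now a field of `AWSSelector` (second api/v1alpha1/awschaos_types.go hunk), the credential reference becomes part of every selected target and of anything derived from the selector value; the later selector.go hunk copies it into each result. If `Id()` is computed from the serialised selector (its body is outside these hunks), record IDs of existing experiments that set `secretName` change across an upgrade, and in-flight experiments may no longer be matched to their records for recovery. I would say so in the field comment, e.g. `// SecretName is carried in the selector so target lookup can authenticate; it is not part of the target's identity.`, and exclude the field when the ID is built.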
@@ -156,6 +151,11 @@ func (in *AWSSelector) DeepCopyInto(out *AWSSelector) { *out = new(string) **out = **in } + if in.SecretName != nil { + in, out := &in.SecretName, &out.SecretName + *out = new(string) + **out = **in + } if in.EbsVolume != nil { in, out := &in.EbsVolume, &out.EbsVolume *out = new(string) diff --git a/pkg/selector/aws/selector.go b/pkg/selector/aws/selector.go index b741d60457..d07c2e38c8 100644 --- a/pkg/selector/aws/selector.go +++ b/pkg/selector/aws/selector.go @@ -24,7 +24,11 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ec2" ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "github.com/chaos-mesh/chaos-mesh/controllers/config" + "github.com/chaos-mesh/chaos-mesh/pkg/mock" "github.com/chaos-mesh/chaos-mesh/pkg/selector/generic" + "go.uber.org/fx" + "sigs.k8s.io/controller-runtime/pkg/client" ) // EC2Client defines the minimum client interface required for this package @@ -33,7 +37,8 @@ type EC2Client interface { } type SelectImpl struct { - EC2Client EC2Client + c client.Client + generic.Option } func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSelector) ([]*v1alpha1.AWSSelector, error) { 
@@ -41,20 +46,15 @@ func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSel return []*v1alpha1.AWSSelector{awsSelector}, nil } - instances := []*v1alpha1.AWSSelector{} - // we have filters, so we should lookup the cloud resources + instances := []*v1alpha1.AWSSelector{} - // TODO: for now, lazy load the client if not set - I'm unsure how to pass it in the main application - if impl.EC2Client == nil { - ec2client, err := newEc2Client(ctx, awsSelector) - if err != nil { - return nil, fmt.Errorf("failed to create client: %w", err) - } - impl.EC2Client = ec2client + ec2client, err := impl.newEc2Client(ctx, awsSelector) + if err != nil { + return nil, fmt.Errorf("failed to create client: %w", err) } - result, err := impl.EC2Client.DescribeInstances(ctx, &ec2.DescribeInstancesInput{ + result, err := ec2client.DescribeInstances(ctx, &ec2.DescribeInstancesInput{ Filters: buildEc2Filters(awsSelector.Filters), }) if err != nil { @@ -66,6 +66,7 @@ func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSel Ec2Instance: *r.Instances[0].InstanceId, Endpoint: awsSelector.Endpoint, AWSRegion: awsSelector.AWSRegion, + SecretName: awsSelector.SecretName, EbsVolume: awsSelector.EbsVolume, DeviceName: awsSelector.DeviceName, }) @@ -81,8 +82,19 @@ func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSel return filteredInstances, nil } -func New() *SelectImpl { - return &SelectImpl{} +type Params struct { + fx.In + + Client client.Client +} + +func New(params Params) *SelectImpl { + return &SelectImpl{ + params.Client, + generic.Option{ + TargetNamespace: config.ControllerCfg.TargetNamespace, + }, + } } func buildEc2Filters(filters []*v1alpha1.AWSFilter) []ec2types.Filter { 
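Review bot: `Ec2Instance: *r.Instances[0].InstanceId` in the result loop indexes and dereferences without a check, and it keeps only the first instance of each reservation. A reservation returned by `DescribeInstances` can carry several instances, so a filter may silently select fewer targets than it matches, and an empty `Instances` slice or a nil `InstanceId` would panic the controller. Iterating the inner slice with `for _, inst := range r.Instances`, skipping entries whose ID is nil and using `Ec2Instance: *inst.InstanceId`, covers both cases. The loop header sits outside this hunk, so its exact shape is inferred from the visible lines. The single `DescribeInstances` call also does not appear to follow `NextToken`, so large result sets are presumably truncated.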
@@ -97,8 +109,11 @@ func buildEc2Filters(filters []*v1alpha1.AWSFilter) []ec2types.Filter { return ec2Filters } -func newEc2Client(ctx context.Context, awsSelector *v1alpha1.AWSSelector) (*ec2.Client, error) { +func (impl *SelectImpl) newEc2Client(ctx context.Context, awsSelector *v1alpha1.AWSSelector) (EC2Client, error) { + if ec2client := mock.On("MockCreateEc2Client"); ec2client != nil { + return ec2client.(EC2Client), nil + } opts := []func(*awscfg.LoadOptions) error{ awscfg.WithRegion(awsSelector.AWSRegion), } @@ -109,16 +124,15 @@ func newEc2Client(ctx context.Context, awsSelector *v1alpha1.AWSSelector) (*ec2. }))) } - // TODO: no access to secret here, need to solve this - // if awschaos.Spec.SecretName != nil { + // TODO How to get namespace for secret?? + // if awsSelector.SecretName != nil { // secret := &v1.Secret{} - // err := impl.Client.Get(ctx, types.NamespacedName{ - // Name: *awschaos.Spec.SecretName, - // Namespace: awschaos.Namespace, + // err := impl.c.Get(ctx, types.NamespacedName{ + // Name: *awsSelector.SecretName, + // Namespace: impl.TargetNamespace, // }, secret) // if err != nil { - // impl.Log.Error(err, "fail to get cloud secret") - // return v1alpha1.NotInjected, err + // return nil, fmt.Errorf("fail to get cloud secret: %w", err) // } // opts = append(opts, awscfg.WithCredentialsProvider(credentials.NewStaticCredentialsProvider( // string(secret.Data["aws_access_key_id"]), diff --git a/pkg/selector/aws/selector_test.go b/pkg/selector/aws/selector_test.go index b91a389be0..966e50ef7e 100644 --- a/pkg/selector/aws/selector_test.go +++ b/pkg/selector/aws/selector_test.go @@ -23,6 +23,7 @@ import ( ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/aws/smithy-go/ptr" "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" + "github.com/chaos-mesh/chaos-mesh/pkg/mock" "github.com/chaos-mesh/chaos-mesh/pkg/selector" "github.com/chaos-mesh/chaos-mesh/pkg/selector/aws" "github.com/stretchr/testify/require" 
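Review bot: `newEc2Client` now consults `mock.On("MockCreateEc2Client")` on every production call and converts the result with an unchecked assertion, `ec2client.(EC2Client)`, which panics if the registered value does not implement the interface. Use the two-value form and return an error: `c, ok := ec2client.(EC2Client)` followed by `if !ok { return nil, fmt.Errorf("mock EC2 client has unexpected type %T", ec2client) }`. A doc comment on the method stating that the mock lookup is a test seam, and that the real client is otherwise built from `awscfg` options, would help the next reader. The function body continues outside this hunk.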
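Review bot: `SecretName` is now carried on the selector, but the block that would turn it into credentials is still commented out, so filter-based discovery runs with whatever credentials the SDK configuration resolves by default (presumably the controller's own AWS identity). A user who sets `secretName` would reasonably expect the lookup to be limited to that secret's permissions; until it is wired in, consider failing loudly, e.g. `if awsSelector.SecretName != nil { return nil, fmt.Errorf("secretName is not yet supported for filter-based selection") }`. When the block is enabled, the namespace should come from the AWSChaos object that owns the selector rather than from `impl.TargetNamespace`, so that a selector cannot name a Secret outside its own experiment's namespace. `newEc2Client` starts before this hunk and ends after it.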
@@ -52,15 +53,15 @@ func TestSelect(t *testing.T) { Mode: v1alpha1.OneMode, } - ec2Client := StubClient{ + ec2client := StubClient{ Input: &ec2.DescribeInstancesInput{}, Output: buildInstancesOutput("1111", "2222", "3333"), } + defer mock.With("MockCreateEc2Client", ec2client)() + s := selector.New( selector.SelectorParams{ - AWSSelector: &aws.SelectImpl{ - EC2Client: ec2Client, - }, + AWSSelector: &aws.SelectImpl{}, }) result, err := s.Select(ctx, sel) @@ -78,7 +79,7 @@ func TestSelect(t *testing.T) { Name: ptr.String("tag:Stack"), Values: []string{"staging"}, }}, - }, ec2Client.Input) + }, ec2client.Input) } func buildInstancesOutput(instanceIDs ...string) *ec2.DescribeInstancesOutput { From be85be8f2ecbe8c5fedd5eedcea568bb323a824b Mon Sep 17 00:00:00 2001 
From: Andrius Navasaitis Date: Fri, 30 Jun 2023 12:34:20 +0100 Subject: [PATCH 15/27] feat: rework CI pipeline Changes the upstream pipeline to something that's more fitting of our use. All the necessary tests and checks from the upstream were mostly left as are. An addition was made to create a release on both merge and a PR so it's easier for us to sync dev images. --- .github/.licenserc.yaml | 1 + .github/workflows/build_targets.yaml | 182 +++++++++++++ .github/workflows/calculate_tag.yaml | 56 ++++ .github/workflows/changed_files.yaml | 34 +++ ...license_checker.yml => check_license.yaml} | 8 +- .github/workflows/check_md_links.yaml | 39 +++ .github/workflows/checklink.yaml | 21 -- .github/workflows/ci.yaml | 87 ++++++ .github/workflows/ci_skip.yml | 56 ---- .github/workflows/codecov_unittest.yaml | 60 ----- .github/workflows/e2e_test.yaml | 126 +++++++++ .github/workflows/e2e_test.yml | 247 ------------------ .github/workflows/e2e_test_upload_cache.yml | 69 ----- .github/workflows/integration_test.yaml | 92 +++++++ .github/workflows/integration_test.yml | 128 --------- .github/workflows/merge_conflict_finder.yaml | 24 -- .github/workflows/must_update_changelog.yml | 53 ---- .github/workflows/release_helm_chart.yml | 50 ---- .github/workflows/stale.yml | 23 -- .github/workflows/{ci.yml => unit_test.yaml} | 62 +---- .github/workflows/upload_env_image.yml | 116 -------- .github/workflows/upload_image.yml | 192 -------------- .github/workflows/upload_image_pr.yml | 94 ------- .github/workflows/upload_latest_files.yml | 52 ---- .github/workflows/upload_release_files.yml | 66 ----- 25 files changed, 634 insertions(+), 1304 deletions(-) create mode 100644 .github/workflows/build_targets.yaml create mode 100644 .github/workflows/calculate_tag.yaml create mode 100644 .github/workflows/changed_files.yaml rename .github/workflows/{license_checker.yml => check_license.yaml} (79%) create mode 100644 .github/workflows/check_md_links.yaml delete mode 100644 
.github/workflows/checklink.yaml create mode 100644 .github/workflows/ci.yaml delete mode 100644 .github/workflows/ci_skip.yml delete mode 100644 .github/workflows/codecov_unittest.yaml create mode 100644 .github/workflows/e2e_test.yaml delete mode 100644 .github/workflows/e2e_test.yml delete mode 100644 .github/workflows/e2e_test_upload_cache.yml create mode 100644 .github/workflows/integration_test.yaml delete mode 100644 .github/workflows/integration_test.yml delete mode 100644 .github/workflows/merge_conflict_finder.yaml delete mode 100644 .github/workflows/must_update_changelog.yml delete mode 100644 .github/workflows/release_helm_chart.yml delete mode 100644 .github/workflows/stale.yml rename .github/workflows/{ci.yml => unit_test.yaml} (53%) delete mode 100644 .github/workflows/upload_env_image.yml delete mode 100644 .github/workflows/upload_image.yml delete mode 100644 .github/workflows/upload_image_pr.yml delete mode 100644 .github/workflows/upload_latest_files.yml delete mode 100644 .github/workflows/upload_release_files.yml diff --git a/.github/.licenserc.yaml b/.github/.licenserc.yaml index cdaadcdb05..d02b432401 100644 --- a/.github/.licenserc.yaml +++ b/.github/.licenserc.yaml @@ -19,6 +19,7 @@ header: - '**/*.key' - '**/*.ext' - '**/*.csr' + - '.github/CODEOWNERS' - '.github/workflows/*' - '.github/ISSUE_TEMPLATE/config.yml' - '.github/.licenserc.yaml' diff --git a/.github/workflows/build_targets.yaml b/.github/workflows/build_targets.yaml new file mode 100644 index 0000000000..bcf4af3125 --- /dev/null +++ b/.github/workflows/build_targets.yaml 
@@ -0,0 +1,182 @@ +name: Build images and chart + +on: + workflow_call: + outputs: + images-artifact-name: + description: "The name of the image build artifact" + value: ${{ inputs.images-artifact-name }} + + images-cache-key: + description: "The name of the image cache" + value: ${{ inputs.images-cache-key }} + + e2e-binary-artifact-name: + description: "The name of the e2e binary build artifact" + value: ${{ inputs.e2e-binary-name }} + + e2e-binary-cache-key: + description: "The name of the e2e binary cache key" + value: ${{ inputs.e2e-binary-cache-key }} + + chart-name: + description: "Chart name with a version" + value: ${{ jobs.build-chart.outputs.chart-name }} + + chart-artifact-name: + description: "The name of the chart artifact" + value: ${{ inputs.chart-artifact-name }} + + inputs: + images-artifact-name: + description: "Name of the images artifact" + type: string + default: saved-images + + images-cache-key: + description: "Key used to upload e2e-image build cache" + type: string + default: e2e-images-build-cache + + e2e-binary-name: + description: "Name of the e2e-binary artifact" + type: string + default: e2e-binary + + e2e-binary-cache-key: + description: "Key used to upload e2e-binary build cache" + type: string + default: e2e-binary-build-cache + + tag: + description: "Tag" + type: string + required: true + + chart-artifact-name: + description: "The name of the chart artifact" + type: string + default: chart + +permissions: read-all + +jobs: + build-images: + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Restore build cache + id: cache + uses: martijnhols/actions-cache/restore@main + with: + path: cache + key: ${{ inputs.images-cache-key }} + + - name: Build e2e images + env: + DOCKER_CACHE: 1 + DOCKER_CACHE_DIR: ${{github.workspace}}/cache + GO_BUILD_CACHE: ${{github.workspace}}/cache + DOCKER_CLI_EXPERIMENTAL: enabled + run: | + docker buildx create --use --name chaos-mesh-builder + make -j4 image 
e2e-image + + - name: Save docker images + run: | + mkdir -p ./output/saved-images + docker image save ghcr.io/chaos-mesh/chaos-dashboard:latest > ./output/saved-images/chaos-dashboard.tgz + docker image save ghcr.io/chaos-mesh/chaos-daemon:latest > ./output/saved-images/chaos-daemon.tgz + docker image save ghcr.io/chaos-mesh/chaos-mesh:latest > ./output/saved-images/chaos-mesh.tgz + docker image save ghcr.io/chaos-mesh/e2e-helper:latest > ./output/saved-images/e2e-helper.tgz + + - name: Upload build cache + uses: martijnhols/actions-cache/save@main + with: + path: cache + key: ${{ inputs.images-cache-key }} + + - name: Upload saved images + uses: actions/upload-artifact@v2 + with: + name: ${{ inputs.images-artifact-name }} + path: ./output/saved-images + retention-days: 7 + + build-e2e-binary: + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Restore build cache + id: cache + uses: martijnhols/actions-cache/restore@main + with: + path: cache + key: ${{ inputs.e2e-binary-cache-key }} + + - name: Build e2e binary + env: + DOCKER_CACHE: 1 + DOCKER_CACHE_DIR: ${{github.workspace}}/cache + GO_BUILD_CACHE: ${{github.workspace}}/cache + run: | + make e2e-build + + - name: Upload build cache + uses: martijnhols/actions-cache/save@main + with: + path: cache + key: ${{ inputs.e2e-binary-cache-key }} + + - name: Upload e2e binary + uses: actions/upload-artifact@v2 + with: + name: ${{ inputs.e2e-binary-name }} + path: ./e2e-test/image/e2e/bin + retention-days: 7 + + build-chart: + runs-on: ubuntu-20.04 + outputs: + chart-name: ${{ steps.build-chart.outputs.chart-name }} + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup Helm + uses: azure/setup-helm@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Build helm chart + id: build-chart + run: | + output_dir="./output/${{ inputs.chart-artifact-name }}" + helm package ./helm/chaos-mesh \ + --version ${{ inputs.tag }} --app-version ${{ inputs.tag 
}} \ + --destination "$output_dir" + + chart_name="chaos-mesh-chart.tgz" + mv "$output_dir/chaos-mesh-${{ inputs.tag }}.tgz" "$output_dir/$chart_name" + + echo "chart-path=$output_dir/$chart_name" >> $GITHUB_OUTPUT + echo "chart-name=$chart_name" >> $GITHUB_OUTPUT + + - name: Upload chart + uses: actions/upload-artifact@v2 + with: + name: ${{ inputs.chart-artifact-name }} + path: ${{ steps.build-chart.outputs.chart-path }} + retention-days: 7 + + pass: + needs: [build-images, build-e2e-binary, build-chart] + name: Build passed + runs-on: ubuntu-20.04 + steps: + - run: echo "🎉 Build Passed!" diff --git a/.github/workflows/calculate_tag.yaml b/.github/workflows/calculate_tag.yaml new file mode 100644 index 0000000000..ec05814deb --- /dev/null +++ b/.github/workflows/calculate_tag.yaml 
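Review bot: The cache steps in `build-images` and `build-e2e-binary` use `martijnhols/actions-cache/restore@main` and `martijnhols/actions-cache/save@main`, a third-party action referenced by a moving branch. Whatever is pushed to that branch runs in this pipeline, with access to the checkout and to the build cache that feeds the released images. Pin third-party actions to a full commit SHA, e.g. `uses: martijnhols/actions-cache/restore@<full-commit-sha> # main`, and let a dependency bot propose updates. The same applies to the tag-pinned actions this commit introduces, such as `tj-actions/changed-files@v34` in changed_files.yaml and check_md_links.yaml, `azure/setup-helm@v3` and `softprops/action-gh-release@v1`.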
@@ -0,0 +1,56 @@ +name: Calculate new tag + +on: + workflow_call: + outputs: + tag: + description: "The the next semantic version tag based on commit messages." + value: ${{ jobs.calculate-tag.outputs.tag }} + inputs: + append_prerelease_suffix: + description: | + When set to true, a prerelease suffix will be added to the suffix of the tag. + required: false + type: boolean + default: "${{ github.event_name == 'pull_request' }}" + head_ref: + description: "Head ref to be used as pre-release suffix" + type: string + default: "${{ github.head_ref }}" + f3_tag: + description: "Additional tag to be prefixed to the latest upstream release tag" + type: string + default: "${{ github.event.after }}" + +jobs: + calculate-tag: + runs-on: ubuntu-20.04 + permissions: read-all + outputs: + tag: "${{ steps.tag.outputs.tag }}" + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Determine latest upstream release tag + id: latest_tag + run: | + latest_tag=$(git tag -l | grep -E "v[0-9]+\.[0-9]+\.[0-9]+$" | tail -n 1) + echo "latest_tag=$latest_tag" >> $GITHUB_OUTPUT + + - name: Calculate pre-release suffix + id: tag-suffix + if: ${{ inputs.append_prerelease_suffix }} + run: | + PRERELEASE="${{ inputs.head_ref }}" + underscores_and_slashes_to_dashes_suffix="${PRERELEASE//[\/_]/-}" + echo "tag-suffix=-${underscores_and_slashes_to_dashes_suffix}" >> $GITHUB_OUTPUT + + - name: Compute next tag + id: tag + run: | + latest_tag="${{ steps.latest_tag.outputs.latest_tag }}" + sha5=$(echo "${{ inputs.f3_tag }}" | cut -c1-5) + tag="${latest_tag}-f3-${sha5}${{steps.tag-suffix.outputs.tag-suffix}}" + echo "tag=$tag" >> $GITHUB_OUTPUT diff --git a/.github/workflows/changed_files.yaml b/.github/workflows/changed_files.yaml new file mode 100644 index 0000000000..df6314eeed --- /dev/null +++ b/.github/workflows/changed_files.yaml 
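Review bot: The `Calculate pre-release suffix` step writes `PRERELEASE="${{ inputs.head_ref }}"` straight into the shell script, and `head_ref` defaults to `github.head_ref`, the pull request's branch name, which the PR author controls. The expression is expanded before the shell runs, so the value should reach the script through the environment instead: add `env:` with `HEAD_REF: ${{ inputs.head_ref }}` to the step and use `PRERELEASE="$HEAD_REF"`. The substitution only rewrites `/` and `_`, so the resulting tag should be treated as untrusted where it is expanded inline, namely `${{ inputs.tag }}` in the `Build helm chart` step of build_targets.yaml and the github-script body in ci.yaml; `echo "${{ toJSON(steps.filter.outputs) }}"` in changed_files.yaml has the same shape with file names. Separately, `git tag -l | grep ... | tail -n 1` relies on lexical order, so `v2.10.0` sorts before `v2.9.0`; `git tag -l --sort=v:refname` gives version order.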
@@ -0,0 +1,34 @@ +name: Detect changes files + +on: + workflow_call: + outputs: + only_changed: + description: "Whether only the specified files have changed." + value: ${{ jobs.changed-files.outputs.only_changed }} + +permissions: read-all + +jobs: + changed-files: + runs-on: ubuntu-20.04 + outputs: + only_changed: ${{ steps.filter.outputs.only_changed }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 2 + + - name: Get changed files + uses: tj-actions/changed-files@v34 + id: filter + with: + files: | + .gitignore + **.md + ui/** + .github/** + + - name: Echo changed files + run: echo "${{ toJSON(steps.filter.outputs) }}" diff --git a/.github/workflows/license_checker.yml b/.github/workflows/check_license.yaml similarity index 79% rename from .github/workflows/license_checker.yml rename to .github/workflows/check_license.yaml index 22e2c16afd..5b40c67723 100644 --- a/.github/workflows/license_checker.yml +++ b/.github/workflows/check_license.yaml @@ -1,9 +1,7 @@ name: License checker on: - pull_request: - branches: - - master + workflow_call: {} permissions: read-all @@ -11,7 +9,9 @@ jobs: check-license: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 + - name: Check License Header uses: apache/skywalking-eyes@v0.4.0 env: diff --git a/.github/workflows/check_md_links.yaml b/.github/workflows/check_md_links.yaml new file mode 100644 index 0000000000..be08dbf41a --- /dev/null +++ b/.github/workflows/check_md_links.yaml 
@@ -0,0 +1,39 @@ +name: Check markdown links + +on: + workflow_call: {} + +permissions: read-all + +jobs: + changed-files: + runs-on: ubuntu-20.04 + outputs: + any-changed: ${{ steps.filter.outputs.any_changed }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 2 + + - name: Get changed files + uses: tj-actions/changed-files@v34 + id: filter + with: + files: | + **.md + .github/checklink_config.json + + markdown-link-check: + needs: changed-files + if: needs.changed-files.outputs.any-changed == 'false' + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Check markdown links + uses: gaurav-nelson/github-action-markdown-link-check@v1 + with: + use-quiet-mode: "yes" + config-file: ".github/checklink_config.json" diff --git a/.github/workflows/checklink.yaml b/.github/workflows/checklink.yaml deleted file mode 100644 index 77e212c702..0000000000 --- a/.github/workflows/checklink.yaml +++ /dev/null @@ -1,21 +0,0 @@ -name: Check Markdown links - -on: - pull_request: - branches: - - master - paths: - - "**.md" - - ".github/checklink_config.json" - -permissions: read-all - -jobs: - markdown-link-check: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: "yes" - config-file: ".github/checklink_config.json" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000000..2a8b83e3a5 --- /dev/null +++ b/.github/workflows/ci.yaml 
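Review bot: The `markdown-link-check` job is gated on `needs.changed-files.outputs.any-changed == 'false'`, so it runs only when no Markdown file or `.github/checklink_config.json` changed and is skipped exactly when links could have broken. The deleted checklink.yaml triggered on changes to those same paths, so the condition looks inverted; `if: needs.changed-files.outputs.any-changed == 'true'` restores that behaviour.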
@@ -0,0 +1,87 @@ +name: CI + +on: + pull_request: + branches: + - builder + +jobs: + calculate-tag: + uses: ./.github/workflows/calculate_tag.yaml + + check-md-links: + uses: ./.github/workflows/check_md_links.yaml + + check-license: + uses: ./.github/workflows/check_license.yaml + + unit-test: + uses: ./.github/workflows/unit_test.yaml + + changed-files: + uses: ./.github/workflows/changed_files.yaml + + build-targets: + needs: [changed-files, calculate-tag] + if: needs.changed-files.outputs.only_changed == 'false' + uses: ./.github/workflows/build_targets.yaml + with: + tag: ${{needs.calculate-tag.outputs.tag }} + + e2e-test: + needs: build-targets + uses: ./.github/workflows/e2e_test.yaml + with: + images-artifact-name: ${{ needs.build-targets.outputs.images-artifact-name }} + e2e-binary-name: ${{ needs.build-targets.outputs.e2e-binary-artifact-name }} + + integration-test: + needs: build-targets + uses: ./.github/workflows/integration_test.yaml + with: + images-artifact-name: ${{ needs.build-targets.outputs.images-artifact-name }} + + release: + runs-on: ubuntu-20.04 + needs: [calculate-tag, build-targets] + permissions: write-all + steps: + - name: Download saved images + id: download-images + uses: actions/download-artifact@v2 + with: + name: ${{ needs.build-targets.outputs.images-artifact-name }} + path: ./output/${{ needs.build-targets.outputs.images-artifact-name }} + + - name: Download chart + id: download-chart + uses: actions/download-artifact@v2 + with: + name: ${{ needs.build-targets.outputs.chart-artifact-name }} + path: ./output/${{ needs.build-targets.outputs.chart-artifact-name }} + + - name: Create GH release + uses: softprops/action-gh-release@v1 + id: release + with: + generate_release_notes: true + target_commitish: "${{ github.base_ref }}" + tag_name: ${{ needs.calculate-tag.outputs.tag }} + prerelease: "${{ github.event_name == 'pull_request' }}" + files: | + ./output/${{ needs.build-targets.outputs.images-artifact-name }}/* + ./output/${{ 
needs.build-targets.outputs.chart-artifact-name }}/* + + - uses: actions/github-script@v6 + with: + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `### Created new release based on commit https://github.com/${{ github.repository }}/pull/${{ github.event.number }}/commits/${{github.sha}} + + **Release tag**: v2.6.1-f3-c64ec-builder + + [**Link to release**](https://github.com/${{ github.repository }}/releases/tag/${{ needs.calculate-tag.outputs.tag }})` + }) diff --git a/.github/workflows/ci_skip.yml b/.github/workflows/ci_skip.yml deleted file mode 100644 index 308983081e..0000000000 --- a/.github/workflows/ci_skip.yml +++ /dev/null @@ -1,56 +0,0 @@ -# Please refer to the file comments in `ci.yml` for more information. -name: ci - -on: - pull_request: - branches: - - master - - release-* - -permissions: read-all - -jobs: - skip-changes: - runs-on: ubuntu-20.04 - outputs: - go: ${{ steps.filter.outputs.go }} - ui: ${{ steps.filter.outputs.ui }} - steps: - - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - go: - - Makefile - - go.* - - '**.go' - - 'helm/**' - ui: - - 'ui/pnpm-lock.yaml' - - '**.js' - - '**.ts?(x)' - go: - needs: skip-changes - if: ${{ needs.skip-changes.outputs.go != 'true' }} - strategy: - matrix: - arch: [amd64, arm64] - job: - - verify - - build - - test - runs-on: ubuntu-20.04 - steps: - - run: echo "Not required to run go jobs." - ui: - needs: skip-changes - if: ${{ needs.skip-changes.outputs.ui != 'true' }} - strategy: - matrix: - job: - - verify - - build - - test - runs-on: ubuntu-20.04 - steps: - - run: echo "Not required to run ui jobs." diff --git a/.github/workflows/codecov_unittest.yaml b/.github/workflows/codecov_unittest.yaml deleted file mode 100644 index 04333a4380..0000000000 --- a/.github/workflows/codecov_unittest.yaml +++ /dev/null 
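Review bot: The `release` job requests `permissions: write-all` and depends only on `calculate-tag` and `build-targets`, so a pull-request build can publish a release with a fully privileged token before `unit-test`, `e2e-test` and `integration-test` have finished. Scope the token to what the two publishing steps need, e.g. `permissions:` with `contents: write` and `pull-requests: write`, and add the test jobs to `needs`. The comment body also hard-codes `**Release tag**: v2.6.1-f3-c64ec-builder`; it should use the computed tag, passed in through `env:` (for example `TAG: ${{ needs.calculate-tag.outputs.tag }}` read as `process.env.TAG`) rather than a literal or an inline expression. The workflow has no top-level `permissions:` block, so the jobs defined here appear to fall back to the repository default.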
@@ -1,60 +0,0 @@ -name: Unit Test And Code Coverage - -# this workflow would work on all the prs -on: - pull_request: - paths: - - Makefile - - go.* - - "**.go" - push: - paths: - - Makefile - - go.* - - "**.go" - -permissions: read-all - -jobs: - unitTestAndCodeCoverage: - name: "Unit Test And Code Coverage" - runs-on: ubuntu-20.04 - steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v3 - - - name: Build Chaos Mesh Build Env - if: ${{ github.event.pull_request }} - env: - IMAGE_BUILD_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-build-env-image') }} - run: | - if [ "${IMAGE_BUILD_ENV_BUILD}" = "true" ] ; then - export IMAGE_BUILD_ENV_BUILD=1; - else - export IMAGE_BUILD_ENV_BUILD=0; - fi - - make image-build-env - - - name: Build Chaos Mesh Dev Env - if: ${{ github.event.pull_request }} - env: - IMAGE_DEV_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-dev-env-image') }} - run: | - if [ "${IMAGE_DEV_ENV_BUILD}" = "true" ] ; then - export IMAGE_DEV_ENV_BUILD=1; - else - export IMAGE_DEV_ENV_BUILD=0; - fi - - make image-dev-env - - - name: Unit Test - run: | - make test - - name: Upload Code Coverage - uses: codecov/codecov-action@v2 - with: - files: ./cover.out - verbose: true - fail_ci_if_error: true diff --git a/.github/workflows/e2e_test.yaml b/.github/workflows/e2e_test.yaml new file mode 100644 index 0000000000..53c3a6418b --- /dev/null +++ b/.github/workflows/e2e_test.yaml 
@@ -0,0 +1,126 @@ +name: E2E test + +on: + workflow_call: + inputs: + images-artifact-name: + description: "Name of the images artifact" + type: string + required: true + e2e-binary-name: + description: "Name of the e2e-binary artifact" + type: string + required: true + +permissions: read-all + +jobs: + e2e-test-matrix: + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: + kubernetes-version: + - v1.20.15 + - v1.23.4 + - v1.25.1 + focus: + - "[Graceful-Shutdown] [IOChaos]" + - "[Graceful-Shutdown] [HTTPChaos]" + - "[Basic] [PodChaos]" + - "[Basic] [TimeChaos]" + - "[Basic] [IOChaos]" + - "[Basic] [HTTPChaos]" + - "[Basic] [Sidecar Config]" + - "[Basic] [NetworkChaos]" + - "[Basic] [DNSChaos]" + - "[Basic] [StressChaos]" + steps: + - name: checkout codes + uses: actions/checkout@v2 + + - name: download saved images + uses: actions/download-artifact@v2 + with: + name: ${{ inputs.images-artifact-name }} + path: ./output/saved-images + + - name: download e2e binary + uses: actions/download-artifact@v2 + with: + name: ${{ inputs.e2e-binary-name }} + path: ./output/e2e-binary + + - name: move e2e binary + run: | + mkdir -p ./e2e-test/image/e2e/bin + mv ./output/e2e-binary/ginkgo ./e2e-test/image/e2e/bin/ginkgo + mv ./output/e2e-binary/e2e.test ./e2e-test/image/e2e/bin/e2e.test + chmod +x ./e2e-test/image/e2e/bin/ginkgo + chmod +x ./e2e-test/image/e2e/bin/e2e.test + + - name: Setup minikube + uses: manusa/actions-setup-minikube@v2.4.3 + with: + driver: docker + minikube version: v1.27.0 + kubernetes version: ${{ matrix.kubernetes-version }} + start args: --cni calico + github token: ${{ secrets.GITHUB_TOKEN }} + + - name: load image into minikube + run: | + minikube image load ./output/saved-images/chaos-dashboard.tgz + minikube image load ./output/saved-images/chaos-daemon.tgz + minikube image load ./output/saved-images/chaos-mesh.tgz + minikube image load ./output/saved-images/e2e-helper.tgz + + - name: Restrict access to kubeconfig # 
https://github.com/helm/helm/issues/9115 + run: chmod 600 ~/.kube/config + + - name: Setup Helm + uses: azure/setup-helm@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Install Chaos Mesh + run: | + helm install --wait --create-namespace chaos-mesh helm/chaos-mesh --namespace=chaos-mesh --set images.tag=latest + - name: e2e tests + env: + FOCUS: ${{ matrix.focus }} + run: | + # because ginkgo -focus accepts the regex expression, we should use escape to represent the squared brackets and dash + export ESCAPED_FOCUS=$(echo $FOCUS | sed -e 's/\[/\\\[/g' | sed -e 's/\]/\\\]/g' | sed -e 's/\-/\\\-/g') + KUBECONFIG=~/.kube/config ./e2e-test/image/e2e/bin/ginkgo -focus="${ESCAPED_FOCUS}" ./e2e-test/image/e2e/bin/e2e.test -- --e2e-image ghcr.io/chaos-mesh/e2e-helper:latest + - name: post run - extract profile info from kubernetes + if: always() + env: + PROFILE_DIRECTORY: ./output/chaos-mesh-profile + run: | + kubectl cluster-info dump --all-namespaces --output-directory $PROFILE_DIRECTORY/manifests -o yaml + kubectl get endpoints -A -o yaml > $PROFILE_DIRECTORY/manifests/endpoints.yaml + kubectl get secrets -A -o yaml > $PROFILE_DIRECTORY/manifests/secrets.yaml + kubectl get configmaps -A -o yaml > $PROFILE_DIRECTORY/manifests/configmaps.yaml + - name: post run - upload Chaos Mesh profile info + if: always() + uses: actions/upload-artifact@v2 + with: + name: profiling-${{ matrix.focus }}-k8s-${{ matrix.kubernetes-version }} + path: ./output/chaos-mesh-profile + retention-days: 7 + - name: post run - upload junit test reports + if: always() + uses: actions/upload-artifact@v2 + with: + name: test-junit-reports-${{ matrix.focus }}-k8s-${{ matrix.kubernetes-version }} + path: "**/*.xml" + retention-days: 7 + + pass: + needs: + - e2e-test-matrix + name: E2E Test Passed + runs-on: ubuntu-20.04 + steps: + - run: echo "🎉 E2E Test Passed!" diff --git a/.github/workflows/e2e_test.yml b/.github/workflows/e2e_test.yml deleted file mode 100644 index 00b94ca1de..0000000000 
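Review bot: The `post run - extract profile info from kubernetes` step runs `kubectl get secrets -A -o yaml > $PROFILE_DIRECTORY/manifests/secrets.yaml`, and the next step uploads that directory as an artifact kept for seven days. Every Secret in the test cluster, including service-account tokens and any webhook certificates, therefore becomes downloadable by anyone who can read the workflow run. The cluster is a throwaway minikube, but the dump has little debugging value; drop the line, or keep only the listing with `kubectl get secrets -A > "$PROFILE_DIRECTORY/manifests/secrets.txt"`. `$PROFILE_DIRECTORY` is also unquoted in all four commands.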
--- a/.github/workflows/e2e_test.yml +++ /dev/null 
@@ -1,247 +0,0 @@ -# This workflow defines the e2e test related jobs. -name: E2E Test - -on: - workflow_dispatch: {} - pull_request: - branches: - - master - - release-* - -permissions: read-all - -jobs: - changed-files: - runs-on: ubuntu-20.04 - outputs: - only_changed: ${{ steps.filter.outputs.only_changed }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 2 - - name: Get changed files - uses: tj-actions/changed-files@v34 - id: filter - with: - # Not available for frontend code for now. - files: | - .gitignore - **.md - ui/** - .github/workflows/checklink.yaml - .github/checklink_config.json - .github/workflows/ci.yml - .github/workflows/ci_skip.yml - .github/workflows/codecov_unittest.yaml - .github/workflows/integration_test.yml - .github/workflows/license_checker.yml - .github/workflows/must_update_changelog.yml - .github/workflows/release_helm_chart.yml - .github/workflows/stale.yml - .github/workflows/upload_env_image.yml - .github/workflows/upload_image.yml - .github/workflows/upload_image_pr.yml - .github/workflows/upload_latest_files.yml - .github/workflows/upload_release_files.yml - - name: Echo changed files - run: echo "${{ toJSON(steps.filter.outputs) }}" - - build-image: - needs: changed-files - if: needs.changed-files.outputs.only_changed == 'false' - runs-on: ubuntu-20.04 - steps: - - name: checkout codes - uses: actions/checkout@v2 - - name: Build Chaos Mesh Build Env - if: ${{ github.event.pull_request }} - env: - IMAGE_BUILD_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-build-env-image') }} - run: | - if [ "${IMAGE_BUILD_ENV_BUILD}" = "true" ] ; then - export IMAGE_BUILD_ENV_BUILD=1; - else - export IMAGE_BUILD_ENV_BUILD=0; - fi - make image-build-env - - name: Build Chaos Mesh Dev Env - if: ${{ github.event.pull_request }} - env: - IMAGE_DEV_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-dev-env-image') }} - run: | - if [ "${IMAGE_DEV_ENV_BUILD}" = "true" ] ; then - export 
IMAGE_DEV_ENV_BUILD=1; - else - export IMAGE_DEV_ENV_BUILD=0; - fi - make image-dev-env - # once the https://github.com/actions/cache/pull/498 gets merged, - # we can switch to the official cache action - - name: Restore build cache - id: cache - uses: martijnhols/actions-cache/restore@main - with: - path: cache - # don't worry about the branch, the github cache - # is only accessible in the same branch (or a pull_request - # whose target is the branch) - key: e2e-image-build-cache-${{ runner.os }} - - - name: build e2e images - env: - DOCKER_CACHE: 1 - DOCKER_CACHE_DIR: ${{ github.workspace }}/cache - GO_BUILD_CACHE: ${{ github.workspace }}/cache - DOCKER_CLI_EXPERIMENTAL: enabled - run: | - docker buildx create --use --name chaos-mesh-builder - make -j4 image e2e-image - - - name: save docker images - run: | - mkdir -p ./output/saved-images - docker image save ghcr.io/chaos-mesh/chaos-dashboard:latest > ./output/saved-images/chaos-dashboard.tgz - docker image save ghcr.io/chaos-mesh/chaos-daemon:latest > ./output/saved-images/chaos-daemon.tgz - docker image save ghcr.io/chaos-mesh/chaos-mesh:latest > ./output/saved-images/chaos-mesh.tgz - docker image save ghcr.io/chaos-mesh/e2e-helper:latest > ./output/saved-images/e2e-helper.tgz - - - name: upload saved images - uses: actions/upload-artifact@v2 - with: - name: saved-images - path: ./output/saved-images - retention-days: 7 - - build-e2e-binary: - needs: changed-files - if: needs.changed-files.outputs.only_changed == 'false' - runs-on: ubuntu-20.04 - steps: - - name: checkout codes - uses: actions/checkout@v2 - - name: Restore build cache - id: cache - uses: martijnhols/actions-cache/restore@main - with: - path: cache - key: e2e-binary-build-cache-${{ runner.os }} - - name: build e2e binary - env: - DOCKER_CACHE: 1 - DOCKER_CACHE_DIR: ${{ github.workspace }}/cache - GO_BUILD_CACHE: ${{ github.workspace }}/cache - run: | - make e2e-build - - name: upload e2e binary - uses: actions/upload-artifact@v2 - with: - 
name: e2e-binary - path: ./e2e-test/image/e2e/bin - retention-days: 7 - - e2e-test-matrix: - needs: - - build-image - - build-e2e-binary - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - kubernetes-version: - - v1.20.15 - - v1.23.4 - - v1.25.1 - focus: - - "[Graceful-Shutdown] [IOChaos]" - - "[Graceful-Shutdown] [HTTPChaos]" - - "[Basic] [PodChaos]" - - "[Basic] [TimeChaos]" - - "[Basic] [IOChaos]" - - "[Basic] [HTTPChaos]" - - "[Basic] [Sidecar Config]" - - "[Basic] [NetworkChaos]" - - "[Basic] [DNSChaos]" - - "[Basic] [StressChaos]" - steps: - - name: checkout codes - uses: actions/checkout@v2 - - name: download saved images - uses: actions/download-artifact@v2 - with: - name: saved-images - path: ./output/saved-images - - name: download e2e binary - uses: actions/download-artifact@v2 - with: - name: e2e-binary - path: ./output/e2e-binary - - name: move e2e binary - run: | - mkdir -p ./e2e-test/image/e2e/bin - mv ./output/e2e-binary/ginkgo ./e2e-test/image/e2e/bin/ginkgo - mv ./output/e2e-binary/e2e.test ./e2e-test/image/e2e/bin/e2e.test - chmod +x ./e2e-test/image/e2e/bin/ginkgo - chmod +x ./e2e-test/image/e2e/bin/e2e.test - - name: Setup minikube - uses: manusa/actions-setup-minikube@v2.4.3 - with: - driver: docker - minikube version: v1.27.0 - kubernetes version: ${{ matrix.kubernetes-version }} - start args: --cni calico - github token: ${{ secrets.GITHUB_TOKEN }} - - - name: load image into minikube - run: | - minikube image load ./output/saved-images/chaos-dashboard.tgz - minikube image load ./output/saved-images/chaos-daemon.tgz - minikube image load ./output/saved-images/chaos-mesh.tgz - minikube image load ./output/saved-images/e2e-helper.tgz - - - name: Restrict access to kubeconfig # https://github.com/helm/helm/issues/9115 - run: chmod 600 ~/.kube/config - - - name: Setup Helm - uses: azure/setup-helm@v3 - - - name: Install Chaos Mesh - run: | - helm install --wait --create-namespace chaos-mesh helm/chaos-mesh --namespace=chaos-mesh 
--set images.tag=latest - - name: e2e tests - env: - FOCUS: ${{ matrix.focus }} - run: | - # because ginkgo -focus accepts the regex expression, we should use escape to represent the squared brackets and dash - export ESCAPED_FOCUS=$(echo $FOCUS | sed -e 's/\[/\\\[/g' | sed -e 's/\]/\\\]/g' | sed -e 's/\-/\\\-/g') - KUBECONFIG=~/.kube/config ./e2e-test/image/e2e/bin/ginkgo -focus="${ESCAPED_FOCUS}" ./e2e-test/image/e2e/bin/e2e.test -- --e2e-image ghcr.io/chaos-mesh/e2e-helper:latest - - name: post run - extract profile info from kubernetes - if: always() - env: - PROFILE_DIRECTORY: ./output/chaos-mesh-profile - run: | - kubectl cluster-info dump --all-namespaces --output-directory $PROFILE_DIRECTORY/manifests -o yaml - kubectl get endpoints -A -o yaml > $PROFILE_DIRECTORY/manifests/endpoints.yaml - kubectl get secrets -A -o yaml > $PROFILE_DIRECTORY/manifests/secrets.yaml - kubectl get configmaps -A -o yaml > $PROFILE_DIRECTORY/manifests/configmaps.yaml - - name: post run - upload Chaos Mesh profile info - if: always() - uses: actions/upload-artifact@v2 - with: - name: profiling-${{ matrix.focus }}-k8s-${{ matrix.kubernetes-version }} - path: ./output/chaos-mesh-profile - retention-days: 7 - - name: post run - upload junit test reports - if: always() - uses: actions/upload-artifact@v2 - with: - name: test-junit-reports-${{ matrix.focus }}-k8s-${{ matrix.kubernetes-version }} - path: "**/*.xml" - retention-days: 7 - - pass: - needs: - - e2e-test-matrix - name: E2E Test Passed - runs-on: ubuntu-20.04 - steps: - - run: echo "🎉 E2E Test Passed!" diff --git a/.github/workflows/e2e_test_upload_cache.yml b/.github/workflows/e2e_test_upload_cache.yml deleted file mode 100644 index 66ba0fb6ca..0000000000 --- a/.github/workflows/e2e_test_upload_cache.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: E2E Test Upload Cache - -on: - workflow_dispatch: {} - push: - branches: - - master - - release-* - paths-ignore: - - .gitignore - - "**.md" - # Not available for frontend code for now. - - "ui/**" - - .github/workflows/checklink.yaml - - .github/checklink_config.json - - .github/workflows/ci.yml - - .github/workflows/ci_skip.yml - - .github/workflows/codecov_unittest.yaml - - .github/workflows/integration_test.yml - - .github/workflows/license_checker.yml - - .github/workflows/must_update_changelog.yml - - .github/workflows/release_helm_chart.yml - - .github/workflows/stale.yml - - .github/workflows/upload_env_image.yml - - .github/workflows/upload_image.yml - - .github/workflows/upload_image_pr.yml - - .github/workflows/upload_latest_files.yml - - .github/workflows/upload_release_files.yml - -permissions: read-all - -jobs: - build-image: - runs-on: ubuntu-20.04 - steps: - - name: checkout codes - uses: actions/checkout@v2 - - name: build e2e images - env: - DOCKER_CACHE: 1 - DOCKER_CACHE_DIR: ${{github.workspace}}/cache - GO_BUILD_CACHE: ${{github.workspace}}/cache - DOCKER_CLI_EXPERIMENTAL: enabled - run: | - docker buildx create --use --name chaos-mesh-builder - make -j4 image e2e-image - - name: upload build cache - uses: martijnhols/actions-cache/save@main - with: - path: cache - key: e2e-image-build-cache-${{ runner.os }} - - build-e2e-binary: - runs-on: ubuntu-20.04 - steps: - - name: checkout codes - uses: actions/checkout@v2 - - name: build e2e binary - env: - DOCKER_CACHE: 1 - DOCKER_CACHE_DIR: ${{github.workspace}}/cache - GO_BUILD_CACHE: ${{github.workspace}}/cache - run: | - make e2e-build - - name: upload build cache - uses: martijnhols/actions-cache/save@main - with: - path: cache - key: e2e-binary-build-cache-${{ runner.os }} diff --git a/.github/workflows/integration_test.yaml b/.github/workflows/integration_test.yaml new file mode 100644 index 0000000000..9c9fa9b00c --- /dev/null 
+++ b/.github/workflows/integration_test.yaml 
@@ -0,0 +1,92 @@ +name: Integration test + +on: + workflow_call: + inputs: + images-artifact-name: + description: "Name of the images artifact" + type: string + required: true + +permissions: read-all + +jobs: + run: + name: Integration Test + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + with: + # Must use at least depth 2! + fetch-depth: 2 + + - name: Download saved images + id: download-images + uses: actions/download-artifact@v2 + with: + name: ${{ inputs.images-artifact-name }} + path: ./output/${{ inputs.images-artifact-name }} + + - name: Load images into docker + run: | + docker load --input ./output/${{ inputs.images-artifact-name }}/chaos-dashboard.tgz + docker load --input ./output/${{ inputs.images-artifact-name }}/chaos-daemon.tgz + docker load --input ./output/${{ inputs.images-artifact-name }}/chaos-mesh.tgz + + - name: Create kind cluster + # released version of kind-action doesn't support arm64 + uses: helm/kind-action@4c7909140acfc81a05fc96fed8fea6673ba8ce80 + with: + kubectl_version: v1.23.1 + + - name: Restrict access to kubeconfig # https://github.com/helm/helm/issues/9115 + run: chmod 600 ~/.kube/config + + - name: Setup Helm + uses: azure/setup-helm@v3 + + - name: Setup Python + uses: actions/setup-python@v2 + + - name: Setup Go + uses: actions/setup-go@v2 + with: + go-version: "1.19.7" + + - name: Install Chaos Mesh + run: | + export CLUSTER="chart-testing" + export SKIP_IMAGE_BUILD=true + hack/local-up-chaos-mesh.sh + kubectl set env deployment/chaos-dashboard SECURITY_MODE=true -n chaos-mesh + kubectl set env deployment/chaos-controller-manager SECURITY_MODE=true -n chaos-mesh + sleep 5 + kubectl port-forward -n chaos-mesh svc/chaos-dashboard 2333:2333 & + + - name: Build chaosctl + run: | + make chaosctl + + - name: Install localstack && aws client + run: | + helm repo add localstack-repo http://helm.localstack.cloud + helm upgrade --install localstack localstack-repo/localstack --version 0.1.2 + pip install awscli + 
kubectl wait --timeout=60s --for=condition=ready --all pod + + - name: Run integration test + run: | + bash test/integration_test/run.sh + + - name: Post run - dump kubernetes cluster info + if: always() + run: | + kubectl cluster-info dump --all-namespaces --output-directory cluster-info-dump + + - name: Post run - upload kubernetes cluster info dump + if: always() + uses: actions/upload-artifact@v2 + with: + name: integration-test-kubernetes-cluster-info-dump + path: cluster-info-dump + retention-days: 7 diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml deleted file mode 100644 index 86bb2201f2..0000000000 --- a/.github/workflows/integration_test.yml +++ /dev/null 
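Review bot: The `Load images into docker` step in the new `integration_test.yaml` expands `${{ inputs.images-artifact-name }}` directly inside the `run:` script, so the caller-supplied string is pasted into the shell text instead of being passed as data. Binding it to an `env:` variable and quoting it, as in the excerpt below, keeps a name containing spaces or shell metacharacters from changing the command. The caller of this reusable workflow is not visible here, so how constrained that input is in practice needs confirming. In `Install localstack && aws client`, the chart repository is added over cleartext HTTP and `pip install awscli` is unpinned, so neither download is integrity-protected or reproducible. I would use `helm repo add localstack-repo https://helm.localstack.cloud` (provided the host serves HTTPS) and `pip install awscli==<pinned-version>`.

```yaml
      - name: Load images into docker
        env:
          IMAGES_DIR: ./output/${{ inputs.images-artifact-name }}
        run: |
          docker load --input "$IMAGES_DIR/chaos-dashboard.tgz"
          docker load --input "$IMAGES_DIR/chaos-daemon.tgz"
          docker load --input "$IMAGES_DIR/chaos-mesh.tgz"
      # … unchanged: kind cluster, Helm/Python/Go setup, install and test steps …
```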
@@ -1,128 +0,0 @@ -name: Integration Test - -on: - pull_request: - branches: - - master - paths-ignore: - - "**.md" - # Not available for frontend code for now. - - "ui/**" - - .github/workflows/checklink.yaml - - .github/checklink_config.json - - .github/workflows/ci.yml - - .github/workflows/ci_skip.yml - - .github/workflows/codecov_unittest.yaml - - .github/workflows/e2e_test.yml - - .github/workflows/e2e_test_upload_cache.yml - - .github/workflows/license_checker.yml - - .github/workflows/must_update_changelog.yml - - .github/workflows/release_helm_chart.yml - - .github/workflows/stale.yml - - .github/workflows/upload_env_image.yml - - .github/workflows/upload_image.yml - - .github/workflows/upload_image_pr.yml - - .github/workflows/upload_latest_files.yml - - .github/workflows/upload_release_files.yml - -permissions: read-all - -jobs: - run: - name: Integration Test - strategy: - fail-fast: false - matrix: - arch: [amd64, arm64] - runs-on: ${{ fromJson('{"amd64":"ubuntu-20.04", "arm64":["self-hosted", "Linux", "ARM64"]}')[matrix.arch] }} - steps: - - uses: actions/checkout@v3 - with: - # Must use at least depth 2! 
- fetch-depth: 2 - - - name: Create kind cluster - # released version of kind-action doesn't support arm64 - uses: helm/kind-action@4c7909140acfc81a05fc96fed8fea6673ba8ce80 - with: - kubectl_version: v1.23.1 - - - name: Restrict access to kubeconfig # https://github.com/helm/helm/issues/9115 - run: chmod 600 ~/.kube/config - - - name: Setup Helm - uses: azure/setup-helm@v3 - - - name: Magic Kind DNS Fix - if: ${{ matrix.arch == 'arm64' }} - run: | - docker exec chart-testing-control-plane /bin/bash -c "sed -e 's/nameserver \(.*\)/nameserver 8.8.8.8/g' /etc/resolv.conf > /etc/resolv.conf.sed" - docker exec chart-testing-control-plane /bin/bash -c "cp /etc/resolv.conf.sed /etc/resolv.conf" - - kubectl rollout restart deployment -n kube-system coredns - - - uses: actions/setup-python@v2 - if: ${{ matrix.arch != 'arm64' }} # We can assume the self-hosted arm64 has a functional python - - - uses: actions/setup-go@v2 - with: - go-version: "1.19.7" - - name: Build Chaos Mesh Build Env - if: ${{ github.event.pull_request }} - env: - IMAGE_BUILD_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-build-env-image') }} - run: | - if [ "${IMAGE_BUILD_ENV_BUILD}" = "true" ] ; then - export IMAGE_BUILD_ENV_BUILD=1; - else - export IMAGE_BUILD_ENV_BUILD=0; - fi - - make image-build-env - - - name: Build Chaos Mesh Dev Env - if: ${{ github.event.pull_request }} - env: - IMAGE_DEV_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-dev-env-image') }} - run: | - if [ "${IMAGE_DEV_ENV_BUILD}" = "true" ] ; then - export IMAGE_DEV_ENV_BUILD=1; - else - export IMAGE_DEV_ENV_BUILD=0; - fi - - make image-dev-env - - - name: Install Chaos Mesh - run: | - export CLUSTER="chart-testing" - hack/local-up-chaos-mesh.sh - kubectl set env deployment/chaos-dashboard SECURITY_MODE=true -n chaos-mesh - kubectl set env deployment/chaos-controller-manager SECURITY_MODE=true -n chaos-mesh - sleep 5 - kubectl port-forward -n chaos-mesh svc/chaos-dashboard 
2333:2333 & - - name: Build chaosctl - run: | - make chaosctl - - name: Install localstack && aws client - run: | - helm repo add localstack-repo http://helm.localstack.cloud - helm upgrade --install localstack localstack-repo/localstack --version 0.1.2 - pip install awscli - kubectl wait --timeout=60s --for=condition=ready --all pod - - - name: Run integration test - run: | - bash test/integration_test/run.sh - - - name: post run - dump kubernetes cluster info - if: always() - run: | - kubectl cluster-info dump --all-namespaces --output-directory cluster-info-dump - - name: post run - upload kubernetes cluster info dump - if: always() - uses: actions/upload-artifact@v2 - with: - name: integration-test-kubernetes-cluster-info-dump-${{ matrix.arch }} - path: cluster-info-dump - retention-days: 7 diff --git a/.github/workflows/merge_conflict_finder.yaml b/.github/workflows/merge_conflict_finder.yaml deleted file mode 100644 index ca16122925..0000000000 --- a/.github/workflows/merge_conflict_finder.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: Merge Conflict Finder - -on: - push: - branches: - - master - - release-* - pull_request: - branches: - - master - - release-* - -permissions: read-all - -jobs: - merge_conflict_job: - runs-on: ubuntu-latest - name: Find merge conflicts - steps: - # Checkout the source code so there are some files to look at. - - uses: actions/checkout@v2 - # Run the actual merge conflict finder - - name: Merge Conflict finder - uses: olivernybroe/action-conflict-finder@v4.0 diff --git a/.github/workflows/must_update_changelog.yml b/.github/workflows/must_update_changelog.yml deleted file mode 100644 index 6e8cf073ac..0000000000 --- a/.github/workflows/must_update_changelog.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -# This workflow would make sure that there are some changes on CHANGELOG.md or -# the label "no-need-update-changelog" is tagged on the PR. - -name: "Must Update CHANGELOG" - -on: - pull_request: - types: - - opened - - synchronize - - reopened - - labeled - - unlabeled - branches: - - master - - release-* - -permissions: read-all - -jobs: - must-update-changelog: - name: "Must Update CHANGELOG" - runs-on: "ubuntu-20.04" - env: - LABEL_EXISTS: ${{ contains(github.event.pull_request.labels.*.name, 'no-need-update-changelog') }} - steps: - - name: "Skip if label exists" - id: "skip-if-label-exists" - run: | - if [ "${LABEL_EXISTS}" = "true" ] ; then - echo "no-need-update-changelog exists, skipping this check" - exit 0 - fi - - name: "Collect changes" - id: "collect-changes" - if: ${{ ! fromJSON(env.LABEL_EXISTS) }} - uses: dorny/paths-filter@v2 - with: - filters: | - changelog: - - CHANGELOG.md - - name: "Make sure CHANGELOG.md is updated" - id: "check-changelog" - if: ${{ ! fromJSON(env.LABEL_EXISTS) }} - env: - CHANGELOG_UPDATED: ${{ steps.collect-changes.outputs.changelog }} - run: | - if [ "${CHANGELOG_UPDATED}" = "true" ] ; then - echo "CHANGELOG.md is updated" - else - echo "CHANGELOG.md is not updated" - exit 1 - fi diff --git a/.github/workflows/release_helm_chart.yml b/.github/workflows/release_helm_chart.yml deleted file mode 100644 index 65d001e4fa..0000000000 --- a/.github/workflows/release_helm_chart.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -name: Release helm chart files - -on: - push: - tags: - - "chart-*" - -permissions: read-all - -jobs: - release-chart: - runs-on: ubuntu-20.04 - steps: - - name: "Must Triggered by Tag chart-" - run: | - # GITHUB_REF_TYPE MUST equals to "tag" - if [ "${GITHUB_REF_TYPE}" != "tag" ]; then - echo "This workflow must be triggered by tag" - echo "GITHUB_REF_TYPE: ${GITHUB_REF_TYPE}" - echo "GITHUB_REF: ${GITHUB_REF}" - exit 1 - fi - - # The tag MUST start with "chart-" - GIT_TAG=${GITHUB_REF##*/} - if [[ "${GIT_TAG}" == "chart-"* ]]; then - exit 0 - fi - - echo "The tag must start with 'chart-'" - echo "GITHUB_REF: ${GITHUB_REF}" - exit 1 - - uses: actions/checkout@v2 - - name: "Extract Version" - id: extract_version - run: | - GIT_TAG=${GITHUB_REF##*/} - VERSION=${GIT_TAG##chart-} - echo "::set-output name=version::$(echo $VERSION)" - - name: Publish Helm chart - uses: stefanprodan/helm-gh-pages@master - with: - token: ${{ secrets.CR_TOKEN }} - charts_dir: helm - charts_url: https://charts.chaos-mesh.org - owner: chaos-mesh - repository: charts - branch: gh-pages - app_version: ${{ steps.extract_version.outputs.version }} - chart_version: ${{ steps.extract_version.outputs.version }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index c9fe66ab1e..0000000000 --- a/.github/workflows/stale.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -name: Mark stale issues and pull requests - -on: - schedule: - - cron: "0 0 * * *" - -permissions: read-all - -jobs: - stale: - runs-on: ubuntu-20.04 - steps: - - uses: actions/stale@v3 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: "This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 21 days" - stale-pr-message: "This pr is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 21 days" - days-before-stale: 90 - days-before-close: 21 - stale-issue-label: "lifecycle/stale" - stale-pr-label: "lifecycle/stale" - exempt-issue-labels: "lifecycle/frozen,type/enhancement,type/suggestion,type/bug" - exempt-pr-labels: "lifecycle/frozen,type/enhancement,type/bug-fix" diff --git a/.github/workflows/ci.yml b/.github/workflows/unit_test.yaml similarity index 53% rename from .github/workflows/ci.yml rename to .github/workflows/unit_test.yaml index c8b34ab5e1..cd09cecefc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/unit_test.yaml 
@@ -1,30 +1,13 @@ -# This workflow defines the go and ui related jobs. -# -# First, we use [dorny/paths-filter@v2](https://github.com/dorny/paths-filter) to -# detect changes in go and ui related files, and then run the corresponding sub-jobs -# based on the changes. -# -# Please note that due to the GitHub required checks, the `go` and `ui` jobs -# also need to run to report the status. So here we need to define an additional -# "skip" file to ensure that the status is reported. For details, please refer to: -# -# - `ci_skip.yml` -# - https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks -name: ci +name: Units test on: - pull_request: - branches: - - master - - release-* + workflow_call: {} permissions: read-all jobs: - # JOB to run change detection changes: runs-on: ubuntu-20.04 - # Set job outputs to values from filter step outputs: go: ${{ steps.filter.outputs.go }} ui: ${{ steps.filter.outputs.ui }} 
@@ -49,38 +32,13 @@ jobs: strategy: fail-fast: false matrix: - arch: [amd64, arm64] job: - verify - - build - test - runs-on: ${{ fromJson('{"amd64":"ubuntu-20.04", "arm64":["self-hosted", "Linux", "ARM64"]}')[matrix.arch] }} + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - - - name: Build Chaos Mesh Build Env - env: - IMAGE_BUILD_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-build-env-image') }} - run: | - if [ "${IMAGE_BUILD_ENV_BUILD}" = "true" ] ; then - export IMAGE_BUILD_ENV_BUILD=1; - else - export IMAGE_BUILD_ENV_BUILD=0; - fi - - make image-build-env - - - name: Build Chaos Mesh Dev Env - env: - IMAGE_DEV_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-dev-env-image') }} - run: | - if [ "${IMAGE_DEV_ENV_BUILD}" = "true" ] ; then - export IMAGE_DEV_ENV_BUILD=1; - else - export IMAGE_DEV_ENV_BUILD=0; - fi - - make image-dev-env + - name: Checkout code + uses: actions/checkout@v2 - name: ${{ matrix.job }} env: @@ -90,14 +48,20 @@ jobs: make check echo "Please make check before creating a PR" git diff --quiet -- . || (git diff | cat && false) - elif [[ "$job" == "build" ]]; then - make image elif [[ "$job" == "test" ]]; then ROOT=$(pwd) KUBEBUILDER_ASSETS=${ROOT}/output/bin/kubebuilder/bin make test else make $job fi + + - name: Check coverage + if: ${{ matrix.job == 'test' }} + uses: codecov/codecov-action@v2 + with: + files: ./cover.out + verbose: true + ui: needs: changes if: ${{ needs.changes.outputs.ui == 'true' }} diff --git a/.github/workflows/upload_env_image.yml b/.github/workflows/upload_env_image.yml deleted file mode 100644 index 78ab6e876b..0000000000 --- a/.github/workflows/upload_env_image.yml +++ /dev/null 
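Review bot: In the `@@ -90,14 +48,20 @@` hunk, the added `Check coverage` step references the third-party action `codecov/codecov-action@v2` by a mutable tag, so whatever commit that tag points to at run time executes in the job next to the checked-out source. The same patch already pins `helm/kind-action` to a full commit SHA in `integration_test.yaml`; doing the same here, `uses: codecov/codecov-action@<full-commit-sha> # v2`, makes the dependency auditable and unaffected by a tag being moved. This hunk also does not show that `make test` writes `./cover.out`; if the file can be absent, adding `fail_ci_if_error: true` under `with:` would surface a missing report rather than letting the upload pass quietly. The job's step list begins outside the hunk.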
@@ -1,116 +0,0 @@ -name: Upload Env Images - -on: - workflow_dispatch: {} - push: - paths: - - "images/build-env/Dockerfile" - - "images/dev-env/Dockerfile" - branches: - - master - - release-* - -permissions: read-all - -jobs: - build-specific-architecture: - permissions: - # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-on-github - packages: write - runs-on: ubuntu-20.04 - strategy: - matrix: - arch: [amd64, arm64] - image: [dev, build] - outputs: - image_tag: ${{ steps.image_tag.outputs.image_tag }} - steps: - - uses: actions/checkout@v3 - - - name: Extract Image Tag - shell: bash - run: | - # we assume that both image tags of build-env and dev-env are same during this workflow - IMAGE_TAG=$(./hack/env-image-tag.sh build-env) - - echo "::set-output name=image_tag::$(echo $IMAGE_TAG)" - id: image_tag - - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build Chaos Mesh Env - env: - IMAGE_TAG: ${{ steps.image_tag.outputs.image_tag }} - ARCH: ${{ matrix.arch }} - IMAGE: ${{ matrix.image }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - export IMAGE_${IMAGE^^}_ENV_BUILD=1 - export IMAGE_${IMAGE^^}_ENV_TAG=$IMAGE_TAG-$ARCH - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - - # ${VAR,,} convert VAR to lower case - make -B \ - TARGET_PLATFORM=$ARCH \ - IMAGE_TAG=$IMAGE_TAG-$ARCH \ - image-$IMAGE-env - - - name: Upload Chaos Mesh Env - env: - IMAGE_TAG: ${{ steps.image_tag.outputs.image_tag }} - ARCH: ${{ matrix.arch }} - IMAGE: ${{ matrix.image }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - # ${VAR,,} convert VAR to lower case - docker push ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG-$ARCH - - upload-manifest: - 
permissions: - # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-on-github - packages: write - runs-on: ubuntu-20.04 - strategy: - matrix: - image: [dev, build] - needs: build-specific-architecture - steps: - - name: Build Chaos Mesh manifest - env: - IMAGE: ${{ matrix.image }} - IMAGE_TAG: ${{ needs.build-specific-architecture.outputs.image_tag }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - # ${VAR,,} convert VAR to lower case - docker manifest create ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG-amd64 \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG-arm64 - - docker manifest annotate ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG-amd64 \ - --os linux --arch amd64 - docker manifest annotate ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG-arm64 \ - --os linux --arch arm64 - - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Upload Chaos Mesh Env - env: - IMAGE: ${{ matrix.image }} - IMAGE_TAG: ${{ needs.build-specific-architecture.outputs.image_tag }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - # ${VAR,,} convert VAR to lower case - docker manifest push ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE-env:$IMAGE_TAG diff --git a/.github/workflows/upload_image.yml b/.github/workflows/upload_image.yml deleted file mode 100644 index 0489b59ec4..0000000000 --- a/.github/workflows/upload_image.yml +++ /dev/null 
@@ -1,192 +0,0 @@ -name: Upload Image - -on: - workflow_dispatch: {} - schedule: - - cron: "0 0 * * 0" - release: - types: [published] - -permissions: read-all - -jobs: - build-specific-architecture: - permissions: - # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-on-github - packages: write - strategy: - matrix: - arch: [amd64, arm64] - image: - [chaos-daemon, chaos-mesh, chaos-dashboard, chaos-kernel, chaos-dlv] - outputs: - image_tag: ${{ steps.image_tag.outputs.image_tag }} - runs-on: ${{ fromJson('{"amd64":"ubuntu-20.04", "arm64":["self-hosted", "Linux", "ARM64"]}')[matrix.arch] }} - steps: - - uses: actions/checkout@v3 - with: - # It requires all the tags and branches to generate the correct GitVersion with `hack/version.sh`. - fetch-depth: 0 - - - name: Extract Image Tag - id: image_tag - shell: bash - run: | - IMAGE_TAG=${GITHUB_REF##*/} - if [ "${IMAGE_TAG}" = "master" ] ; then - IMAGE_TAG=latest; - fi - - echo "::set-output name=image_tag::$(echo $IMAGE_TAG)" - - - name: Login to GitHub Container registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build Chaos Mesh - env: - IMAGE_TAG: ${{ steps.image_tag.outputs.image_tag }} - ARCH: ${{ matrix.arch }} - IMAGE: ${{ matrix.image }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - if [ "${IMAGE}" = "chaos-dashboard" ]; then - UI=1 - else - UI=0 - fi - # ${VAR,,} convert VAR to lower case - make -B \ - TARGET_PLATFORM=$ARCH \ - IMAGE_TAG=$IMAGE_TAG-$ARCH \ - IMAGE_DEV_ENV_BUILD=1 \ - IMAGE_BUILD_ENV_BUILD=1 \ - UI=$UI \ - image-$IMAGE - - - name: Upload Chaos Mesh - env: - IMAGE_TAG: ${{ steps.image_tag.outputs.image_tag }} - ARCH: ${{ matrix.arch }} - IMAGE: ${{ matrix.image }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - # 
${VAR,,} convert VAR to lower case - docker push ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG-$ARCH - - upload-manifest: - needs: build-specific-architecture - runs-on: ubuntu-20.04 - permissions: - # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-on-github - packages: write - strategy: - matrix: - image: - [chaos-daemon, chaos-mesh, chaos-dashboard, chaos-kernel, chaos-dlv] - env: - IMAGE_TAG: ${{ needs.build-specific-architecture.outputs.image_tag }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - steps: - - name: Create the manifest list - env: - IMAGE: ${{ matrix.image }} - run: | - # ${VAR,,} convert VAR to lower case - docker manifest create ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG-amd64 \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG-arm64 - - docker manifest annotate ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG-amd64 \ - --os linux --arch amd64 - docker manifest annotate ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG \ - ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG-arm64 \ - --os linux --arch arm64 - - - name: Login to GitHub Container registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push the manifest list - env: - IMAGE: ${{ matrix.image }} - run: | - # ${VAR,,} convert VAR to lower case - docker manifest push ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/$IMAGE:$IMAGE_TAG - - sign: - needs: - - build-specific-architecture - - upload-manifest - if: needs.build-specific-architecture.outputs.image_tag != 'latest' - runs-on: ubuntu-20.04 - permissions: - contents: write # Need to upload files to the related release. 
- # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-on-github - packages: write - env: - IMAGE_TAG: ${{ needs.build-specific-architecture.outputs.image_tag }} - steps: - - name: Install cosign - uses: sigstore/cosign-installer@main - with: - cosign-release: "v1.13.1" - - name: Login to GitHub Container registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Sign Chaos Mesh Container images - env: - COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - run: | - cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/chaos-mesh/chaos-mesh:$IMAGE_TAG --output-signature ghcr.io-chaos-mesh-chaos-mesh-$IMAGE_TAG.sig - cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/chaos-mesh/chaos-daemon:$IMAGE_TAG --output-signature ghcr.io-chaos-mesh-chaos-daemon-$IMAGE_TAG.sig - cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/chaos-mesh/chaos-dashboard:$IMAGE_TAG --output-signature ghcr.io-chaos-mesh-chaos-dashboard-$IMAGE_TAG.sig - cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/chaos-mesh/chaos-kernel:$IMAGE_TAG --output-signature ghcr.io-chaos-mesh-chaos-kernel-$IMAGE_TAG.sig - cosign public-key --key env://COSIGN_PRIVATE_KEY > cosign.pub - - name: Upload cosign.pub and sigs - uses: softprops/action-gh-release@v1 - with: - files: | - cosign.pub - ghcr.io-chaos-mesh-chaos-mesh-${{ needs.build-specific-architecture.outputs.image_tag }}.sig - ghcr.io-chaos-mesh-chaos-daemon-${{ needs.build-specific-architecture.outputs.image_tag }}.sig - ghcr.io-chaos-mesh-chaos-dashboard-${{ needs.build-specific-architecture.outputs.image_tag }}.sig - ghcr.io-chaos-mesh-chaos-kernel-${{ needs.build-specific-architecture.outputs.image_tag }}.sig - - sbom: - needs: build-specific-architecture - if: 
needs.build-specific-architecture.outputs.image_tag != 'latest' - runs-on: ubuntu-20.04 - permissions: - contents: write # Need to upload files to the related release. - env: - IMAGE_TAG: ${{ needs.build-specific-architecture.outputs.image_tag }} - steps: - - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: "1.19.7" - - - name: Install bom - run: go install sigs.k8s.io/bom/cmd/bom@latest - - - name: Generate SBOM - run: bom generate -n https://chaos-mesh.org/chaos-mesh.spdx -o chaos-mesh-$IMAGE_TAG-sbom.spdx . - - - name: Upload SBOM - uses: softprops/action-gh-release@v1 - with: - files: chaos-mesh-${{ needs.build-specific-architecture.outputs.image_tag }}-sbom.spdx diff --git a/.github/workflows/upload_image_pr.yml b/.github/workflows/upload_image_pr.yml deleted file mode 100644 index 938b602b66..0000000000 --- a/.github/workflows/upload_image_pr.yml +++ /dev/null 
@@ -1,94 +0,0 @@ -name: Upload Image for PR - -on: - issue_comment: - types: [created] - -permissions: read-all - -jobs: - build-for-pr: - runs-on: ubuntu-20.04 - if: ${{ github.event.issue.pull_request && startsWith( github.event.comment.body, '/build-image') }} - steps: - - uses: actions/checkout@v3 - - - name: Install jq - run: | - sudo apt-get install jq -y - - - name: Cache docker image and go - uses: actions/cache@v2 - with: - path: | - cache - key: chaos-mesh-build-${{ github.event.issue.number }} - - - name: Enable docker builder - run: | - DOCKER_CLI_EXPERIMENTAL=enabled docker buildx create --use --name chaos-mesh-builder - - - name: Build Chaos Mesh Build Env - env: - IMAGE_BUILD_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-build-env-image') }} - run: | - if [ "${IMAGE_BUILD_ENV_BUILD}" = "true" ] ; then - export IMAGE_BUILD_ENV_BUILD=1; - else - export IMAGE_BUILD_ENV_BUILD=0; - fi - - make \ - DOCKER_CACHE=1 \ - DOCKER_CACHE_DIR=$GITHUB_WORKSPACE/cache \ - GO_BUILD_CACHE=$GITHUB_WORKSPACE/cache \ - image-build-env - - - name: Build Chaos Mesh Dev Env - env: - IMAGE_DEV_ENV_BUILD: ${{ contains(github.event.pull_request.labels.*.name, 'rebuild-dev-env-image') }} - run: | - if [ "${IMAGE_DEV_ENV_BUILD}" = "true" ] ; then - export IMAGE_DEV_ENV_BUILD=1; - else - export IMAGE_DEV_ENV_BUILD=0; - fi - - make \ - DOCKER_CACHE=1 \ - DOCKER_CACHE_DIR=$GITHUB_WORKSPACE/cache \ - GO_BUILD_CACHE=$GITHUB_WORKSPACE/cache \ - image-dev-env - - - name: Build Chaos Mesh - run: | - make \ - IMAGE_TAG=latest \ - UI=1 \ - DOCKER_CACHE=1 \ - DOCKER_CACHE_DIR=$GITHUB_WORKSPACE/cache \ - GO_BUILD_CACHE=$GITHUB_WORKSPACE/cache \ - image - - for IMAGE in "chaos-mesh" "chaos-daemon" "chaos-dashboard" - do - docker image save ghcr.io/chaos-mesh/$IMAGE > $IMAGE.tar - done - - - name: Upload Chaos Mesh Image to Artifacts - uses: actions/upload-artifact@v2 - with: - name: chaos-mesh-images - path: | - *.tar - - - name: Create comment - uses: 
peter-evans/create-or-update-comment@v1 - with: - issue-number: ${{ github.event.issue.number }} - body: | - You can download and import the image with following commands: - - ```bash - ./hack/download-image.sh -r ${{ github.repository }} -i ${{ github.run_id }} - ``` diff --git a/.github/workflows/upload_latest_files.yml b/.github/workflows/upload_latest_files.yml deleted file mode 100644 index 1e2fb3934a..0000000000 --- a/.github/workflows/upload_latest_files.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Upload latest install related files to CDN - -on: - push: - branches: - - master - paths: - - install.sh - - manifests/crd.yaml - - examples/web-show/deploy.sh - - pkg/chaosctl/** - - cmd/chaosctl/** - - tools/schedule-migration/** - -permissions: read-all - -jobs: - run: - if: github.repository_owner == 'chaos-mesh' - name: Upload - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - with: - # Must use at least depth 2! - fetch-depth: 2 - - - uses: actions/setup-python@v2 - - uses: actions/setup-go@v2 - with: - go-version: "1.19.7" - - name: Configure awscli - run: | - pip3 install awscli - printf "%s\n" ${{ secrets.AWS_ACCESS_KEY }} ${{ secrets.AWS_SECRET_KEY }} ${{ secrets.AWS_REGION }} "json" | aws configure - - - name: Build binary - run: | - make chaosctl - make schedule-migration - - - name: Upload files - run: | - GIT_TAG=${GITHUB_REF##*/} - if [[ "$GIT_TAG" == "master" ]]; then - GIT_TAG="latest" - fi - aws s3 cp install.sh ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/install.sh - aws s3 cp manifests/crd.yaml ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/crd.yaml - aws s3 cp examples/web-show/deploy.sh ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/web-show/deploy.sh - aws s3 cp bin/chaosctl ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/chaosctl - aws s3 cp bin/schedule-migration ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/schedule-migration 
diff --git a/.github/workflows/upload_release_files.yml b/.github/workflows/upload_release_files.yml deleted file mode 100644 index 101994af9d..0000000000 --- a/.github/workflows/upload_release_files.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: Upload tagged install related files to CDN - -on: - push: - tags: - - v* - -permissions: read-all - -jobs: - run: - name: Upload - runs-on: ubuntu-20.04 - steps: - - name: "Must Triggered by Tag v" - run: | - # GITHUB_REF_TYPE MUST equals to "tag" - if [ "${GITHUB_REF_TYPE}" != "tag" ]; then - echo "This workflow must be triggered by tag" - echo "GITHUB_REF_TYPE: ${GITHUB_REF_TYPE}" - echo "GITHUB_REF: ${GITHUB_REF}" - exit 1 - fi - - # The tag MUST start with "v" - GIT_TAG=${GITHUB_REF##*/} - if [[ "${GIT_TAG}" == "v"* ]]; then - exit 0 - fi - - echo "The tag must start with 'v'" - echo "GITHUB_REF: ${GITHUB_REF}" - exit 1 - - uses: actions/checkout@v3 - with: - # Must use at least depth 2! - fetch-depth: 2 - - - uses: actions/setup-python@v2 - - uses: actions/setup-go@v2 - with: - go-version: "1.19.7" - - name: Configure awscli - run: | - pip3 install awscli - printf "%s\n" ${{ secrets.AWS_ACCESS_KEY }} ${{ secrets.AWS_SECRET_KEY }} ${{ secrets.AWS_REGION }} "json" | aws configure - - - name: Build binary - run: | - make chaosctl - make schedule-migration.tar.gz - - - name: Update install.sh with Certain Version - run: | - GIT_TAG=${GITHUB_REF##*/} - VERSION=${GIT_TAG##chart-} - sed install.sh -i -e "s/^VERSION=.*/VERSION=${VERSION}/" - - - name: Upload files - run: | - GIT_TAG=${GITHUB_REF##*/} - aws s3 cp install.sh ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/install.sh - aws s3 cp manifests/crd.yaml ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/crd.yaml - aws s3 cp examples/web-show/deploy.sh ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/web-show/deploy.sh - aws s3 cp bin/chaosctl ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/chaosctl - aws s3 cp schedule-migration.tar.gz ${{ secrets.AWS_BUCKET_NAME }}/${GIT_TAG}/schedule-migration.tar.gz From 82df9b3f404ac677fc858933402d125b9bbaf295 Mon Sep 17 00:00:00 2001 From: Mike Tonks Date: Thu, 29 Jun 2023 09:17:12 +0100 Subject: [PATCH 16/27] chore: Add new Instance type to avoid overloading the AWSSelector 
Signed-off-by: Mike Tonks --- .../chaosimpl/awschaos/detachvolume/impl.go | 9 ++- .../chaosimpl/awschaos/ec2restart/impl.go | 5 +- .../chaosimpl/awschaos/ec2stop/impl.go | 9 ++- pkg/selector/aws/selector.go | 78 ++++++++++++------- pkg/selector/aws/selector_test.go | 2 +- 5 files changed, 64 insertions(+), 39 deletions(-) diff --git a/controllers/chaosimpl/awschaos/detachvolume/impl.go b/controllers/chaosimpl/awschaos/detachvolume/impl.go index e5f94e34d4..03dbfa585b 100644 --- a/controllers/chaosimpl/awschaos/detachvolume/impl.go +++ b/controllers/chaosimpl/awschaos/detachvolume/impl.go @@ -29,6 +29,7 @@ import ( "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" impltypes "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/types" + selector "github.com/chaos-mesh/chaos-mesh/pkg/selector/aws" ) var _ impltypes.ChaosImpl = (*Impl)(nil) @@ -68,7 +69,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco } ec2client := ec2.NewFromConfig(cfg) - var selected v1alpha1.AWSSelector + var selected selector.Instance err = json.Unmarshal([]byte(records[index].Id), &selected) if err != nil { impl.Log.Error(err, "fail to unmarshal the selector") @@ -79,7 +80,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco VolumeId: selected.EbsVolume, Device: selected.DeviceName, Force: true, - InstanceId: &selected.Ec2Instance, + InstanceId: &selected.InstanceID, }) if err != nil { @@ -119,7 +120,7 @@ func (impl *Impl) Recover(ctx context.Context, index int, records []*v1alpha1.Re } ec2client := ec2.NewFromConfig(cfg) - var selected v1alpha1.AWSSelector + var selected selector.Instance err = json.Unmarshal([]byte(records[index].Id), &selected) if err != nil { impl.Log.Error(err, "fail to unmarshal the selector") 
@@ -128,7 +129,7 @@ func (impl *Impl) Recover(ctx context.Context, index int, records []*v1alpha1.Re _, err = ec2client.AttachVolume(context.TODO(), &ec2.AttachVolumeInput{ Device: selected.DeviceName, - InstanceId: &selected.Ec2Instance, + InstanceId: &selected.InstanceID, VolumeId: selected.EbsVolume, }) diff --git a/controllers/chaosimpl/awschaos/ec2restart/impl.go b/controllers/chaosimpl/awschaos/ec2restart/impl.go index 5f4a7ea99b..e2bf5d6a83 100644 --- a/controllers/chaosimpl/awschaos/ec2restart/impl.go +++ b/controllers/chaosimpl/awschaos/ec2restart/impl.go @@ -29,6 +29,7 @@ import ( "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" impltypes "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/types" + selector "github.com/chaos-mesh/chaos-mesh/pkg/selector/aws" ) var _ impltypes.ChaosImpl = (*Impl)(nil) @@ -42,7 +43,7 @@ type Impl struct { func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Record, obj v1alpha1.InnerObject) (v1alpha1.Phase, error) { awschaos := obj.(*v1alpha1.AWSChaos) - var selected v1alpha1.AWSSelector + var selected selector.Instance err := json.Unmarshal([]byte(records[index].Id), &selected) if err != nil { impl.Log.Error(err, "fail to unmarshal the selector") @@ -77,7 +78,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco ec2client := ec2.NewFromConfig(cfg) _, err = ec2client.RebootInstances(context.TODO(), &ec2.RebootInstancesInput{ - InstanceIds: []string{selected.Ec2Instance}, + InstanceIds: []string{selected.InstanceID}, }) if err != nil { diff --git a/controllers/chaosimpl/awschaos/ec2stop/impl.go b/controllers/chaosimpl/awschaos/ec2stop/impl.go index 67df34c579..6bfc4c6e90 100644 --- a/controllers/chaosimpl/awschaos/ec2stop/impl.go +++ b/controllers/chaosimpl/awschaos/ec2stop/impl.go 
@@ -30,6 +30,7 @@ import ( "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" impltypes "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/types" + selector "github.com/chaos-mesh/chaos-mesh/pkg/selector/aws" ) var _ impltypes.ChaosImpl = (*Impl)(nil) @@ -43,7 +44,7 @@ type Impl struct { func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Record, obj v1alpha1.InnerObject) (v1alpha1.Phase, error) { awschaos := obj.(*v1alpha1.AWSChaos) - var selected v1alpha1.AWSSelector + var selected selector.Instance err := json.Unmarshal([]byte(records[index].Id), &selected) if err != nil { impl.Log.Error(err, "fail to unmarshal the selector") @@ -84,7 +85,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco ec2client := ec2.NewFromConfig(cfg) _, err = ec2client.StopInstances(context.TODO(), &ec2.StopInstancesInput{ - InstanceIds: []string{selected.Ec2Instance}, + InstanceIds: []string{selected.InstanceID}, }) if err != nil { @@ -97,7 +98,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco func (impl *Impl) Recover(ctx context.Context, index int, records []*v1alpha1.Record, obj v1alpha1.InnerObject) (v1alpha1.Phase, error) { awschaos := obj.(*v1alpha1.AWSChaos) - var selected v1alpha1.AWSSelector + var selected selector.Instance err := json.Unmarshal([]byte(records[index].Id), &selected) if err != nil { impl.Log.Error(err, "fail to unmarshal the selector") @@ -137,7 +138,7 @@ func (impl *Impl) Recover(ctx context.Context, index int, records []*v1alpha1.Re ec2client := ec2.NewFromConfig(cfg) _, err = ec2client.StartInstances(context.TODO(), &ec2.StartInstancesInput{ - InstanceIds: []string{selected.Ec2Instance}, + InstanceIds: []string{selected.InstanceID}, }) if err != nil { diff --git a/pkg/selector/aws/selector.go b/pkg/selector/aws/selector.go index d07c2e38c8..f292bbaf6e 100644 --- a/pkg/selector/aws/selector.go +++ b/pkg/selector/aws/selector.go 
@@ -21,6 +21,7 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" awscfg "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/service/ec2" ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/chaos-mesh/chaos-mesh/api/v1alpha1" @@ -28,6 +29,8 @@ import ( "github.com/chaos-mesh/chaos-mesh/pkg/mock" "github.com/chaos-mesh/chaos-mesh/pkg/selector/generic" "go.uber.org/fx" + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -41,13 +44,33 @@ type SelectImpl struct { generic.Option } -func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSelector) ([]*v1alpha1.AWSSelector, error) { +type Instance struct { + InstanceID string + AWSRegion string + Endpoint *string + SecretName *string + EbsVolume *string + DeviceName *string +} + +func (instance *Instance) Id() string { + return instance.InstanceID +} + +func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSelector) ([]*Instance, error) { if len(awsSelector.Filters) == 0 { - return []*v1alpha1.AWSSelector{awsSelector}, nil + return []*Instance{{ + InstanceID: awsSelector.Ec2Instance, + Endpoint: awsSelector.Endpoint, + AWSRegion: awsSelector.AWSRegion, + SecretName: awsSelector.SecretName, + EbsVolume: awsSelector.EbsVolume, + DeviceName: awsSelector.DeviceName, + }}, nil } // we have filters, so we should lookup the cloud resources - instances := []*v1alpha1.AWSSelector{} + instances := []*Instance{} ec2client, err := impl.newEc2Client(ctx, awsSelector) if err != nil { 
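Review bot: `Instance.Id()` returns only `instance.InstanceID`, yet the Apply/Recover hunks for detachvolume, ec2restart and ec2stop in this same commit run `json.Unmarshal([]byte(records[index].Id), &selected)` into a `selector.Instance`. If `Record.Id` is populated from `Id()` (the code that fills it is outside this diff), a bare instance ID is not valid JSON, so the unmarshal would fail and the region, endpoint, secret name, volume and device would never reach the EC2 call. Serialising the whole struct keeps both sides in agreement: `raw, _ := json.Marshal(instance)` then `return string(raw)`, with `encoding/json` imported if it is not already. The new type also has no doc comment; something like `// Instance is one resolved EC2 target together with the connection settings copied from the AWSSelector that matched it.` would help.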
@@ -62,13 +85,13 @@ func (impl *SelectImpl) Select(ctx context.Context, awsSelector *v1alpha1.AWSSel } for _, r := range result.Reservations { // Set the Ec2Instance, and copy over the other attributes, except the filter - instances = append(instances, &v1alpha1.AWSSelector{ - Ec2Instance: *r.Instances[0].InstanceId, - Endpoint: awsSelector.Endpoint, - AWSRegion: awsSelector.AWSRegion, - SecretName: awsSelector.SecretName, - EbsVolume: awsSelector.EbsVolume, - DeviceName: awsSelector.DeviceName, + instances = append(instances, &Instance{ + InstanceID: *r.Instances[0].InstanceId, + Endpoint: awsSelector.Endpoint, + AWSRegion: awsSelector.AWSRegion, + SecretName: awsSelector.SecretName, + EbsVolume: awsSelector.EbsVolume, + DeviceName: awsSelector.DeviceName, }) } mode := awsSelector.Mode 
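Review bot: `*r.Instances[0].InstanceId` takes only the first instance of each reservation and dereferences it unchecked, so a reservation holding several matching instances contributes just one target, and an empty `Instances` slice or a nil `InstanceId` would panic the controller. Because this list decides which machines the fault is injected into, it should match exactly what the filters returned: wrap the append in `for _, inst := range r.Instances {`, skip entries where `inst.InstanceId == nil`, and set `InstanceID: *inst.InstanceId`. The comment above the append still says "Set the Ec2Instance" although the field is now `InstanceID`. The enclosing Select function starts and ends outside this hunk.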
@@ -124,22 +147,21 @@ func (impl *SelectImpl) newEc2Client(ctx context.Context, awsSelector *v1alpha1. }))) } - // TODO How to get namespace for secret?? - // if awsSelector.SecretName != nil { - // secret := &v1.Secret{} - // err := impl.c.Get(ctx, types.NamespacedName{ - // Name: *awsSelector.SecretName, - // Namespace: impl.TargetNamespace, - // }, secret) - // if err != nil { - // return nil, fmt.Errorf("fail to get cloud secret: %w", err) - // } - // opts = append(opts, awscfg.WithCredentialsProvider(credentials.NewStaticCredentialsProvider( - // string(secret.Data["aws_access_key_id"]), - // string(secret.Data["aws_secret_access_key"]), - // "", - // ))) - // } + if awsSelector.SecretName != nil { + secret := &v1.Secret{} + err := impl.c.Get(ctx, types.NamespacedName{ + Name: *awsSelector.SecretName, + Namespace: impl.TargetNamespace, + }, secret) + if err != nil { + return nil, fmt.Errorf("fail to get cloud secret: %w", err) + } + opts = append(opts, awscfg.WithCredentialsProvider(credentials.NewStaticCredentialsProvider( + string(secret.Data["aws_access_key_id"]), + string(secret.Data["aws_secret_access_key"]), + "", + ))) + } cfg, err := awscfg.LoadDefaultConfig(ctx, opts...) if err != nil { @@ -149,13 +171,13 @@ func (impl *SelectImpl) newEc2Client(ctx context.Context, awsSelector *v1alpha1. } // filterInstancesByMode filters instances by mode from a list -func filterInstancesByMode(instances []*v1alpha1.AWSSelector, mode v1alpha1.SelectorMode, value string) ([]*v1alpha1.AWSSelector, error) { +func filterInstancesByMode(instances []*Instance, mode v1alpha1.SelectorMode, value string) ([]*Instance, error) { indexes, err := generic.FilterObjectsByMode(mode, value, len(instances)) if err != nil { return nil, err } - var filtered []*v1alpha1.AWSSelector + var filtered []*Instance for _, index := range indexes { index := index diff --git a/pkg/selector/aws/selector_test.go b/pkg/selector/aws/selector_test.go index 966e50ef7e..cba063aaca 100644 
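Review bot: The secret is fetched from `impl.TargetNamespace` rather than from the namespace of the chaos object that named it, which is the question the removed TODO ("How to get namespace for secret??") had left open. Assuming `TargetNamespace` is the controller-wide option embedded via `generic.Option` (its definition is not in this diff), the lookup would fail when that option is empty, and otherwise every AWSChaos would resolve `SecretName` against one shared namespace regardless of where it was created, so the controller's read access stands in for the author's. Passing the experiment's own namespace into the selector and using it in `types.NamespacedName` would keep credential access scoped to the object's namespace. It is also worth rejecting a secret that lacks either key before building the provider, e.g. `if len(secret.Data["aws_access_key_id"]) == 0 || len(secret.Data["aws_secret_access_key"]) == 0 { return nil, fmt.Errorf("secret %q is missing AWS credential keys", *awsSelector.SecretName) }`. newEc2Client begins and ends outside this hunk.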
--- a/pkg/selector/aws/selector_test.go +++ b/pkg/selector/aws/selector_test.go @@ -72,7 +72,7 @@ func TestSelect(t *testing.T) { require.Len(t, result, 1) require.Subset(t, []string{"1111", "2222", "3333"}, - []string{result[0].(*v1alpha1.AWSSelector).Ec2Instance}, + []string{result[0].(*aws.Instance).InstanceID}, ) require.Equal(t, &ec2.DescribeInstancesInput{ Filters: []ec2types.Filter{{ From 48ebe2f7a615204fb2c7afe2bcb5e73c51955eed Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Thu, 6 Jul 2023 13:22:03 +0100 Subject: [PATCH 17/27] fix: remove hardcoded tag version from release comment Removes hardcoded tag version in the release comment --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2a8b83e3a5..9565e7244f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: repo: context.repo.repo, body: `### Created new release based on commit https://github.com/${{ github.repository }}/pull/${{ github.event.number }}/commits/${{github.sha}} - **Release tag**: v2.6.1-f3-c64ec-builder + **Release tag**: ${{ needs.calculate-tag.outputs.tag }} [**Link to release**](https://github.com/${{ github.repository }}/releases/tag/${{ needs.calculate-tag.outputs.tag }})` }) From 843b8266c9bd015f5ef03f485219e8809067ec0a Mon Sep 17 00:00:00 2001 
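Review bot: `${{ needs.calculate-tag.outputs.tag }}` is expanded by the runner into the JavaScript template literal passed as `body:` before the script is parsed, so a tag value containing a backtick or `${` would be evaluated as script instead of being printed. How the calculate-tag job derives its output is not visible in this hunk, so this may be safe today, but passing the value through the step's `env:` (`RELEASE_TAG: ${{ needs.calculate-tag.outputs.tag }}`) and reading `process.env.RELEASE_TAG` inside the script removes that dependency. The same applies to the existing link line that already interpolates the tag. The step itself starts outside the hunk.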
From: Andrius Navasaitis Date: Thu, 6 Jul 2023 15:30:13 +0100 Subject: [PATCH 18/27] feat: extends Task with additional PodSpec fields Adds the following fields from the corev1.PodSpec in order to make the task pod more configurable: * RestartPolicy * RestartPolicy * ActiveDeadlineSeconds * NodeSelector * ServiceAccountName * AutomountServiceAccountToken * SecurityContext * ImagePullSecrets * Affinity * Tolerations * TopologySpreadConstraints --- .github/.licenserc.yaml | 1 + api/v1alpha1/workflow_types.go | 59 +- api/v1alpha1/zz_generated.deepcopy.go | 51 + .../crd/bases/chaos-mesh.org_schedules.yaml | 1451 ++- .../bases/chaos-mesh.org_workflownodes.yaml | 3483 ++++- .../crd/bases/chaos-mesh.org_workflows.yaml | 1366 +- .../crds/chaos-mesh.org_schedules.yaml | 1451 ++- .../crds/chaos-mesh.org_workflownodes.yaml | 3483 ++++- .../crds/chaos-mesh.org_workflows.yaml | 1366 +- manifests/crd.yaml | 10670 ++++++++++++---- pkg/dashboard/swaggerdocs/docs.go | 355 +- pkg/dashboard/swaggerdocs/swagger.json | 355 +- pkg/dashboard/swaggerdocs/swagger.yaml | 548 +- pkg/workflow/task/pod.go | 21 +- 14 files changed, 21495 insertions(+), 3165 deletions(-) diff --git a/.github/.licenserc.yaml b/.github/.licenserc.yaml index d02b432401..92ed8ad008 100644 --- a/.github/.licenserc.yaml +++ b/.github/.licenserc.yaml @@ -13,6 +13,7 @@ header: - '**/*.json' - '**/*.log' - 'vendor/**' + - 'api/vendor/**' - '**/go.mod' - '**/go.sum' - '**/*.crt' diff --git a/api/v1alpha1/workflow_types.go b/api/v1alpha1/workflow_types.go index 932304e400..5bcd7e3e7e 100644 --- a/api/v1alpha1/workflow_types.go +++ b/api/v1alpha1/workflow_types.go 
@@ -158,12 +158,63 @@ type Task struct { // Container is the main container image to run in the pod Container *corev1.Container `json:"container,omitempty"` - // Volumes is a list of volumes that can be mounted by containers in a template. - // +patchStrategy=merge + // +optional // +patchMergeKey=name - Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + // +patchStrategy=merge,retainKeys + Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name"` + + // +optional + TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"` + + // +optional + ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"` + + // +optional + // +mapType=atomic + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // +optional + ServiceAccountName string `json:"serviceAccountName,omitempty"` + + // +optional + AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` + + // +optional + SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` - // TODO: maybe we could specify parameters in other ways, like loading context from file + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + + // +optional + Affinity *corev1.Affinity `json:"affinity,omitempty"` + + // +optional + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` + + // +optional + // +patchMergeKey=topologyKey + // +patchStrategy=merge + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty" patchStrategy:"merge" patchMergeKey:"topologyKey"` +} + +func (t *Task) PodSpec() corev1.PodSpec { + return corev1.PodSpec{ + Volumes: t.Volumes, + 
TerminationGracePeriodSeconds: t.TerminationGracePeriodSeconds, + ActiveDeadlineSeconds: t.ActiveDeadlineSeconds, + NodeSelector: t.NodeSelector, + ServiceAccountName: t.ServiceAccountName, + AutomountServiceAccountToken: t.AutomountServiceAccountToken, + SecurityContext: t.SecurityContext, + ImagePullSecrets: t.ImagePullSecrets, + Affinity: t.Affinity, + TopologySpreadConstraints: t.TopologySpreadConstraints, + } } // +kubebuilder:object:root=true diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 83804288d3..46ded1b868 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
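Review bot: `PodSpec()` does not copy `Tolerations`, although the field is added to `Task` a few lines above and is deep-copied in zz_generated.deepcopy.go, so tolerations set on a task would be silently dropped; add `Tolerations: t.Tolerations,` to the literal. The commit message also lists RestartPolicy, for which no field appears in this hunk. None of the new fields, nor `PodSpec()` itself, carries a doc comment and the existing one on `Volumes` is removed; since these comments become the CRD descriptions, at least `ServiceAccountName`, `AutomountServiceAccountToken` and `SecurityContext` deserve one, because they set the identity and privileges the task pod runs with, e.g. `// ServiceAccountName is the name of the ServiceAccount used to run the task pod.` The Task struct starts outside this hunk.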
@@ -4707,6 +4707,57 @@ func (in *Task) DeepCopyInto(out *Task) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TerminationGracePeriodSeconds != nil { + in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds + *out = new(int64) + **out = **in + } + if in.ActiveDeadlineSeconds != nil { + in, out := &in.ActiveDeadlineSeconds, &out.ActiveDeadlineSeconds + *out = new(int64) + **out = **in + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.AutomountServiceAccountToken != nil { + in, out := &in.AutomountServiceAccountToken, &out.AutomountServiceAccountToken + *out = new(bool) + **out = **in + } + if in.SecurityContext != nil { + in, out := &in.SecurityContext, &out.SecurityContext + *out = new(v1.PodSecurityContext) + (*in).DeepCopyInto(*out) + } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]v1.LocalObjectReference, len(*in)) + copy(*out, *in) + } + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(v1.Affinity) + (*in).DeepCopyInto(*out) + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Task. diff --git a/config/crd/bases/chaos-mesh.org_schedules.yaml b/config/crd/bases/chaos-mesh.org_schedules.yaml index 4484488d9b..47a8f398e2 100644 --- a/config/crd/bases/chaos-mesh.org_schedules.yaml +++ b/config/crd/bases/chaos-mesh.org_schedules.yaml 
@@ -10247,6 +10247,988 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. 
If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. 
due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. 
If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. 
null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -11617,9 +12599,474 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security + attributes and common container settings. Some fields + are also present in container.securityContext. Field + values of container.securityContext take precedence + over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID, the fsGroup (if specified), + and group memberships defined in the container + image for the uid of the container process. If + unspecified, no additional groups are added to + any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are + not included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. 
When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this + value is nil, the behavior is equivalent to + the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. 
+ We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to + topologies that would help reduce the skew. + A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be - mounted by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the 
diff --git a/config/crd/bases/chaos-mesh.org_workflownodes.yaml b/config/crd/bases/chaos-mesh.org_workflownodes.yaml
index 78b5f9fdca..e36de20b8a 100644
--- a/config/crd/bases/chaos-mesh.org_workflownodes.yaml
+++ b/config/crd/bases/chaos-mesh.org_workflownodes.yaml
@@ -13433,234 +13433,1321 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: - container: - description: Container is the main container image - to run in the pod + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. 
- items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. 
- properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + preference: + description: A node selector term, + associated with the corresponding + weight. properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. 
+ type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. 
When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. 
If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. 
When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. 
null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. 
+ properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. 
This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + container: + description: Container is the main container image + to run in the pod + properties: + args: + description: 'Arguments to the entrypoint. The + container image''s CMD is used if this is + not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Cannot be updated. 
More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed + within a shell. The container image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. 
Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event + when the container is starting. When a key + exists in multiple sources, the value associated + with the last source will take precedence. + Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. 
More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if + :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string lifecycle: description: Actions that the management system should take in response to container lifecycle 
@@ -14871,19 +15958,511 @@ spec: - mountPath - name type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object + type: array + workingDir: + description: Container's working directory. + If not specified, the container runtime's + default will be used, which might be configured + in the container image. Cannot be updated. + type: string + required: + - name + type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough + information to let you locate the referenced + object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level + security attributes and common container settings. + Some fields are also present in container.securityContext. Field + values of container.securityContext take precedence + over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n + 1. The owning GID will be the FSGroup 2. The + setgid bit is set (new files created in the + volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership + and permissions of any volume. Note that this + field cannot be set when spec.os.name is windows." 
+ format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the + volume before being exposed inside Pod. This + field will only apply to volume types which + support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also + be set in SecurityContext. If set in both + SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to all containers. 
If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the + containers in this pod. Note that this field + cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be preconfigured + on the node to work. Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. Valid + options are: \n Localhost - a profile + defined in a file on the node should be + used. RuntimeDefault - the container runtime + default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the + first process run in each container, in addition + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. 
Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced + sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail + to launch. Note that this field cannot be + set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will + be used. If set in both SecurityContext and + PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that + this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a + container should be run as a 'Host Process' + container. This field is alpha-level and + will only be honored by components that + enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. 
All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed to + have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). 
Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: LabelSelector is used to find + matching pods. Pods that match this label + selector are counted to determine the number + of pods in their corresponding topology + domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select the pods over which + spreading will be calculated. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are ANDed + with labelSelector to select the group of + existing pods over which spreading will + be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between + the number of matching pods in the target + topology and the global minimum. The global + minimum is the minimum number of matching + pods in an eligible domain or zero if the + number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if + MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it + onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if + MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to + topologies that satisfy it. It''s a required + field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats \"global minimum\" as 0, and + then the calculation of Skew is performed. 
+ And when the number of eligible domains + with matching topology keys equals or greater + than minDomains, this value has no effect + on scheduling. As a result, when the number + of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, + the constraint behaves as if MinDomains + is equal to 1. Valid values are integers + greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in + a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 + | | P P | P P | P P | The number of + domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot + be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any + of the three zones, it will violate MaxSkew. + \n This is a beta field and requires the + MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates + how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in + the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the + calculations. \n If this value is nil, the + behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how + we will treat node taints when calculating + pod topology spread skew. Options are: - + Honor: nodes without taints, along with + tainted nodes for which the incoming pod + has a toleration, are included. 
- Ignore: + node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered + to be in the same topology. We consider + each as a "bucket", and try + to put balanced number of pods into each + bucket. We define a domain as a particular + instance of a topology. Also, we define + an eligible domain as a domain whose nodes + meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey + is "kubernetes.io/hostname", each Node is + a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone + is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates + how to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but + giving higher precedence to topologies that + would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on + some topology. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In + other words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can - be mounted by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container 
@@ -17198,93 +18777,955 @@ spec: that used to select pods. The key defines the namespace which pods belong, and the each values is a set of pod names. type: object - type: object - stressngStressors: - description: StressngStressors defines plenty of stressors just - like `Stressors` except that it's an experimental feature and - more powerful. You can define stressors in `stress-ng` (see - also `man stress-ng`) dialect, however not all of the supported - stressors are well tested. It maybe retired in later releases. - You should always use `Stressors` to define the stressors and - use this only when you want more stressors unsupported by `Stressors`. - When both `StressngStressors` and `Stressors` are defined, `StressngStressors` - wins. - type: string - stressors: - description: Stressors defines plenty of stressors supported to - stress system components out. You can use one or more of them - to make up various kinds of stresses. At least one of the stressors - should be specified. - properties: - cpu: - description: CPUStressor stresses CPU out + type: object + stressngStressors: + description: StressngStressors defines plenty of stressors just + like `Stressors` except that it's an experimental feature and + more powerful. You can define stressors in `stress-ng` (see + also `man stress-ng`) dialect, however not all of the supported + stressors are well tested. It maybe retired in later releases. + You should always use `Stressors` to define the stressors and + use this only when you want more stressors unsupported by `Stressors`. + When both `StressngStressors` and `Stressors` are defined, `StressngStressors` + wins. + type: string + stressors: + description: Stressors defines plenty of stressors supported to + stress system components out. You can use one or more of them + to make up various kinds of stresses. At least one of the stressors + should be specified. 
+ properties: + cpu: + description: CPUStressor stresses CPU out + properties: + load: + description: Load specifies P percent loading per CPU + worker. 0 is effectively a sleep (no load) and 100 is + full loading. + maximum: 100 + minimum: 0 + type: integer + options: + description: extend stress-ng options + items: + type: string + type: array + workers: + description: Workers specifies N workers to apply the + stressor. Maximum 8192 workers can run by stress-ng + maximum: 8192 + type: integer + required: + - workers + type: object + memory: + description: MemoryStressor stresses virtual memory out + properties: + oomScoreAdj: + default: 0 + description: OOMScoreAdj sets the oom_score_adj of the + stress process. See `man 5 proc` to know more about + this option. + maximum: 1000 + minimum: -1000 + type: integer + options: + description: extend stress-ng options + items: + type: string + type: array + size: + description: Size specifies N bytes consumed per vm worker, + default is the total available memory. One can specify + the size as % of total available memory or in units + of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB. + type: string + workers: + description: Workers specifies N workers to apply the + stressor. Maximum 8192 workers can run by stress-ng + maximum: 8192 + type: integer + required: + - workers + type: object + type: object + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string + required: + - mode + - selector + type: object + task: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling rules. 
+ properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. 
The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). properties: - load: - description: Load specifies P percent loading per CPU - worker. 0 is effectively a sleep (no load) and 100 is - full loading. - maximum: 100 - minimum: 0 - type: integer - options: - description: extend stress-ng options + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. items: - type: string + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object type: array - workers: - description: Workers specifies N workers to apply the - stressor. Maximum 8192 workers can run by stress-ng - maximum: 8192 - type: integer - required: - - workers - type: object - memory: - description: MemoryStressor stresses virtual memory out - properties: - oomScoreAdj: - default: 0 - description: OOMScoreAdj sets the oom_score_adj of the - stress process. See `man 5 proc` to know more about - this option. - maximum: 1000 - minimum: -1000 - type: integer - options: - description: extend stress-ng options + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. items: - type: string + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. 
The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object type: array - size: - description: Size specifies N bytes consumed per vm worker, - default is the total available memory. One can specify - the size as % of total available memory or in units - of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB. 
- type: string - workers: - description: Workers specifies N workers to apply the - stressor. Maximum 8192 workers can run by stress-ng - maximum: 8192 - type: integer - required: - - workers type: object type: object - value: - description: Value is required when the mode is set to `FixedMode` - / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, - provide an integer of pods to do chaos action. If `FixedPercentMode`, - provide a number from 0-100 to specify the percent of pods the - server can do chaos action. IF `RandomMaxPercentMode`, provide - a number from 0-100 to specify the max percent of pods to do - chaos action - type: string - required: - - mode - - selector - type: object - task: - properties: + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -18536,9 +20977,421 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this value is + nil, the behavior is equivalent to the Honor policy. This + is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All nodes + are included. \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be mounted - by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
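Review bot: The added `serviceAccountName`, `imagePullSecrets`, `nodeSelector`, `tolerations` and `terminationGracePeriodSeconds` properties have no `description` of their own, and the hunk also removes the existing one on `volumes`, so the schema no longer says what these task-pod fields are for. `serviceAccountName` needs it most: as far as this schema shows, it is a free-form string next to an unconstrained pod-level `securityContext`, so whoever may create this resource chooses the identity and privilege settings of the task pod. I would restore `description: Volumes is a list of volumes that can be mounted by containers in a template.` and add something like `description: ServiceAccountName is the service account the task pod runs as; limit who may create this resource accordingly.` If this YAML is generated, the comments belong on the corresponding Go fields, which are outside this hunk.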
diff --git a/config/crd/bases/chaos-mesh.org_workflows.yaml b/config/crd/bases/chaos-mesh.org_workflows.yaml index acca343164..e1bb1c583c 100644 --- a/config/crd/bases/chaos-mesh.org_workflows.yaml +++ b/config/crd/bases/chaos-mesh.org_workflows.yaml 
@@ -6818,6 +6818,927 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. 
If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. 
due to an update), the system may or may + not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. 
If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". 
+ An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -8128,9 +9049,450 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security + attributes and common container settings. Some fields + are also present in container.securityContext. Field + values of container.securityContext take precedence over + field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume + to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files + created in the volume will be owned by FSGroup) 3. + The permission bits are OR'd with rw-rw---- \n If + unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot + be set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral + volume types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". If + not specified, "Always" is used. Note that this field + cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if + it does. If unset or false, no such validation will + be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be + set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime + will allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n + Localhost - a profile defined in a file on the + node should be used. RuntimeDefault - the container + runtime default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group + memberships defined in the container image for the + uid of the container process. If unspecified, no additional + groups are added to any container. Note that group + memberships defined in the container image for the + uid of the container process are still effective, + even if they are not included in this list. Note that + this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. Note + that this field cannot be set when spec.os.name is + windows. 
+ items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within + a container's SecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the + Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to + spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading will + be calculated. The keys are used to lookup values + from the incoming pod labels, those key-value labels + are ANDed with labelSelector to select the group + of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the + incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less than + minDomains, Pod Topology Spread treats \"global + minimum\" as 0, and then the calculation of Skew + is performed. And when the number of eligible domains + with matching topology keys equals or greater than + minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains + is less than minDomains, scheduler won't schedule + more than maxSkew Pods to those domains. If value + is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater + than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone + cluster, MaxSkew is set to 2, MinDomains is set + to 5 and pods with the same labelSelector spread + as 2/2/2: | zone1 | zone2 | zone3 | | P P | P + P | P P | The number of domains is less than + 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is + a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we + will treat Pod's nodeAffinity/nodeSelector when + calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will + treat node taints when calculating pod topology + spread skew. Options are: - Honor: nodes without + taints, along with tainted nodes for which the incoming + pod has a toleration, are included. - Ignore: node + taints are ignored. All nodes are included. \n If + this value is nil, the behavior is equivalent to + the Ignore policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. 
+ We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P + P | P | P | If WhenUnsatisfiable is set + to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be mounted - by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml index 4484488d9b..47a8f398e2 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml 
@@ -10247,6 +10247,988 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. 
If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. 
due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. 
If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. 
null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -11617,9 +12599,474 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security + attributes and common container settings. Some fields + are also present in container.securityContext. Field + values of container.securityContext take precedence + over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID, the fsGroup (if specified), + and group memberships defined in the container + image for the uid of the container process. If + unspecified, no additional groups are added to + any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are + not included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. 
When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this + value is nil, the behavior is equivalent to + the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. 
+ We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to + topologies that would help reduce the skew. + A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be - mounted by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the 
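Review bot: The new `serviceAccountName` and pod-level `securityContext` properties let whoever can create this resource choose the identity and privilege settings of the task pod, and the schema puts no constraint on them: `serviceAccountName` is a bare `type: string`, `seccompProfile.type` lists `Unconfined` as a valid option, and `windowsOptions.hostProcess` is accepted. If the controller copies these fields into the pod it creates (not visible in this hunk), create permission on the object amounts to running a pod under any service account in that namespace, so this needs either a validating-webhook check or an explicit statement in the API docs that it is intended. Separately, `serviceAccountName`, `nodeSelector` and `terminationGracePeriodSeconds` carry no `description`, and the hunk drops the existing one on `volumes`. The schema looks generated, so the fix would be doc comments on the Go fields, for example `// ServiceAccountName is the service account the task pod runs as.`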
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml index 78b5f9fdca..e36de20b8a 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml 
@@ -13433,234 +13433,1321 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: - container: - description: Container is the main container image - to run in the pod + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. 
- items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. 
- properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + preference: + description: A node selector term, + associated with the corresponding + weight. properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. 
+ type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. 
When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. 
If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. 
When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. 
null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. 
+ properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. 
This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + container: + description: Container is the main container image + to run in the pod + properties: + args: + description: 'Arguments to the entrypoint. The + container image''s CMD is used if this is + not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Cannot be updated. 
More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed + within a shell. The container image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. 
Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event + when the container is starting. When a key + exists in multiple sources, the value associated + with the last source will take precedence. + Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. 
More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if + :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string lifecycle: description: Actions that the management system should take in response to container lifecycle 
@@ -14871,19 +15958,511 @@ spec: - mountPath - name type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object + type: array + workingDir: + description: Container's working directory. + If not specified, the container runtime's + default will be used, which might be configured + in the container image. Cannot be updated. + type: string + required: + - name + type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough + information to let you locate the referenced + object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level + security attributes and common container settings. + Some fields are also present in container.securityContext. Field + values of container.securityContext take precedence + over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n + 1. The owning GID will be the FSGroup 2. The + setgid bit is set (new files created in the + volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership + and permissions of any volume. Note that this + field cannot be set when spec.os.name is windows." 
+ format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the + volume before being exposed inside Pod. This + field will only apply to volume types which + support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also + be set in SecurityContext. If set in both + SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to all containers. 
If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the + containers in this pod. Note that this field + cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be preconfigured + on the node to work. Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. Valid + options are: \n Localhost - a profile + defined in a file on the node should be + used. RuntimeDefault - the container runtime + default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the + first process run in each container, in addition + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. 
Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced + sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail + to launch. Note that this field cannot be + set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will + be used. If set in both SecurityContext and + PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that + this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a + container should be run as a 'Host Process' + container. This field is alpha-level and + will only be honored by components that + enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. 
All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed to + have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). 
Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: LabelSelector is used to find + matching pods. Pods that match this label + selector are counted to determine the number + of pods in their corresponding topology + domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select the pods over which + spreading will be calculated. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are ANDed + with labelSelector to select the group of + existing pods over which spreading will + be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between + the number of matching pods in the target + topology and the global minimum. The global + minimum is the minimum number of matching + pods in an eligible domain or zero if the + number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if + MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it + onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if + MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to + topologies that satisfy it. It''s a required + field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats \"global minimum\" as 0, and + then the calculation of Skew is performed. 
+ And when the number of eligible domains + with matching topology keys equals or greater + than minDomains, this value has no effect + on scheduling. As a result, when the number + of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, + the constraint behaves as if MinDomains + is equal to 1. Valid values are integers + greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in + a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 + | | P P | P P | P P | The number of + domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot + be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any + of the three zones, it will violate MaxSkew. + \n This is a beta field and requires the + MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates + how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in + the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the + calculations. \n If this value is nil, the + behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how + we will treat node taints when calculating + pod topology spread skew. Options are: - + Honor: nodes without taints, along with + tainted nodes for which the incoming pod + has a toleration, are included. 
- Ignore: + node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered + to be in the same topology. We consider + each as a "bucket", and try + to put balanced number of pods into each + bucket. We define a domain as a particular + instance of a topology. Also, we define + an eligible domain as a domain whose nodes + meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey + is "kubernetes.io/hostname", each Node is + a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone + is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates + how to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but + giving higher precedence to topologies that + would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on + some topology. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In + other words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can - be mounted by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container 
@@ -17198,93 +18777,955 @@ spec: that used to select pods. The key defines the namespace which pods belong, and the each values is a set of pod names. type: object - type: object - stressngStressors: - description: StressngStressors defines plenty of stressors just - like `Stressors` except that it's an experimental feature and - more powerful. You can define stressors in `stress-ng` (see - also `man stress-ng`) dialect, however not all of the supported - stressors are well tested. It maybe retired in later releases. - You should always use `Stressors` to define the stressors and - use this only when you want more stressors unsupported by `Stressors`. - When both `StressngStressors` and `Stressors` are defined, `StressngStressors` - wins. - type: string - stressors: - description: Stressors defines plenty of stressors supported to - stress system components out. You can use one or more of them - to make up various kinds of stresses. At least one of the stressors - should be specified. - properties: - cpu: - description: CPUStressor stresses CPU out + type: object + stressngStressors: + description: StressngStressors defines plenty of stressors just + like `Stressors` except that it's an experimental feature and + more powerful. You can define stressors in `stress-ng` (see + also `man stress-ng`) dialect, however not all of the supported + stressors are well tested. It maybe retired in later releases. + You should always use `Stressors` to define the stressors and + use this only when you want more stressors unsupported by `Stressors`. + When both `StressngStressors` and `Stressors` are defined, `StressngStressors` + wins. + type: string + stressors: + description: Stressors defines plenty of stressors supported to + stress system components out. You can use one or more of them + to make up various kinds of stresses. At least one of the stressors + should be specified. 
+ properties: + cpu: + description: CPUStressor stresses CPU out + properties: + load: + description: Load specifies P percent loading per CPU + worker. 0 is effectively a sleep (no load) and 100 is + full loading. + maximum: 100 + minimum: 0 + type: integer + options: + description: extend stress-ng options + items: + type: string + type: array + workers: + description: Workers specifies N workers to apply the + stressor. Maximum 8192 workers can run by stress-ng + maximum: 8192 + type: integer + required: + - workers + type: object + memory: + description: MemoryStressor stresses virtual memory out + properties: + oomScoreAdj: + default: 0 + description: OOMScoreAdj sets the oom_score_adj of the + stress process. See `man 5 proc` to know more about + this option. + maximum: 1000 + minimum: -1000 + type: integer + options: + description: extend stress-ng options + items: + type: string + type: array + size: + description: Size specifies N bytes consumed per vm worker, + default is the total available memory. One can specify + the size as % of total available memory or in units + of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB. + type: string + workers: + description: Workers specifies N workers to apply the + stressor. Maximum 8192 workers can run by stress-ng + maximum: 8192 + type: integer + required: + - workers + type: object + type: object + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string + required: + - mode + - selector + type: object + task: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling rules. 
+ properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. 
The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). properties: - load: - description: Load specifies P percent loading per CPU - worker. 0 is effectively a sleep (no load) and 100 is - full loading. - maximum: 100 - minimum: 0 - type: integer - options: - description: extend stress-ng options + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. items: - type: string + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object type: array - workers: - description: Workers specifies N workers to apply the - stressor. Maximum 8192 workers can run by stress-ng - maximum: 8192 - type: integer - required: - - workers - type: object - memory: - description: MemoryStressor stresses virtual memory out - properties: - oomScoreAdj: - default: 0 - description: OOMScoreAdj sets the oom_score_adj of the - stress process. See `man 5 proc` to know more about - this option. - maximum: 1000 - minimum: -1000 - type: integer - options: - description: extend stress-ng options + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. items: - type: string + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. 
The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object type: array - size: - description: Size specifies N bytes consumed per vm worker, - default is the total available memory. One can specify - the size as % of total available memory or in units - of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB. 
- type: string - workers: - description: Workers specifies N workers to apply the - stressor. Maximum 8192 workers can run by stress-ng - maximum: 8192 - type: integer - required: - - workers type: object type: object - value: - description: Value is required when the mode is set to `FixedMode` - / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, - provide an integer of pods to do chaos action. If `FixedPercentMode`, - provide a number from 0-100 to specify the percent of pods the - server can do chaos action. IF `RandomMaxPercentMode`, provide - a number from 0-100 to specify the max percent of pods to do - chaos action - type: string - required: - - mode - - selector - type: object - task: - properties: + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -18536,9 +20977,421 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this value is + nil, the behavior is equivalent to the Honor policy. This + is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All nodes + are included. \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be mounted - by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml index acca343164..e1bb1c583c 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml 
@@ -6818,6 +6818,927 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. 
If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. 
due to an update), the system may or may + not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. 
If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". 
+ An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -8128,9 +9049,450 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security + attributes and common container settings. Some fields + are also present in container.securityContext. Field + values of container.securityContext take precedence over + field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume + to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files + created in the volume will be owned by FSGroup) 3. + The permission bits are OR'd with rw-rw---- \n If + unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot + be set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral + volume types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". If + not specified, "Always" is used. Note that this field + cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if + it does. If unset or false, no such validation will + be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be + set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime + will allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n + Localhost - a profile defined in a file on the + node should be used. RuntimeDefault - the container + runtime default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group + memberships defined in the container image for the + uid of the container process. If unspecified, no additional + groups are added to any container. Note that group + memberships defined in the container image for the + uid of the container process are still effective, + even if they are not included in this list. Note that + this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. Note + that this field cannot be set when spec.os.name is + windows. 
+ items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within + a container's SecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the + Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to + spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading will + be calculated. The keys are used to lookup values + from the incoming pod labels, those key-value labels + are ANDed with labelSelector to select the group + of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the + incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less than + minDomains, Pod Topology Spread treats \"global + minimum\" as 0, and then the calculation of Skew + is performed. And when the number of eligible domains + with matching topology keys equals or greater than + minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains + is less than minDomains, scheduler won't schedule + more than maxSkew Pods to those domains. If value + is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater + than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone + cluster, MaxSkew is set to 2, MinDomains is set + to 5 and pods with the same labelSelector spread + as 2/2/2: | zone1 | zone2 | zone3 | | P P | P + P | P P | The number of domains is less than + 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is + a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we + will treat Pod's nodeAffinity/nodeSelector when + calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will + treat node taints when calculating pod topology + spread skew. Options are: - Honor: nodes without + taints, along with tainted nodes for which the incoming + pod has a toleration, are included. - Ignore: node + taints are ignored. All nodes are included. \n If + this value is nil, the behavior is equivalent to + the Ignore policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. 
+ We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P + P | P | P | If WhenUnsatisfiable is set + to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be mounted - by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 5ed11c5be3..cdbf26b34c 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml 
@@ -15611,201 +15611,1183 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: - container: - description: Container is the main container image to - run in the pod + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. properties: - args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using - the container''s environment. If a variable cannot - be resolved, the reference in the input string - will be unchanged. Double $$ are reduced to a - single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will - never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is - used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. Cannot be updated. 
- items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container and - any service environment variables. If a - variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. 
- properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + preference: + description: A node selector term, associated + with the corresponding weight. properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. 
null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean required: - - key + - topologyKey type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container - is starting. When a key exists in multiple sources, - the value associated with the last source will - take precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents the source - of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. 
When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean + required: + - topologyKey type: object - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a - C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. 
for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) properties: - name: - description: 'Name of the referent. More + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + container: + description: Container is the main container image to + run in the pod + properties: + args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using + the container''s environment. If a variable cannot + be resolved, the reference in the input string + will be unchanged. Double $$ are reduced to a + single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will + never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. 
Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. 
When a key exists in multiple sources, + the value associated with the last source will + take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be + updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
@@ -16981,9 +17963,474 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security + attributes and common container settings. Some fields + are also present in container.securityContext. Field + values of container.securityContext take precedence + over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID, the fsGroup (if specified), + and group memberships defined in the container + image for the uid of the container process. If + unspecified, no additional groups are added to + any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are + not included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. 
When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this + value is nil, the behavior is equivalent to + the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. 
+ We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to + topologies that would help reduce the skew. + A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be - mounted by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the 
@@ -33303,1014 +34750,2101 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: - container: - description: Container is the main container image - to run in the pod + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. 
- items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. 
- properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + preference: + description: A node selector term, + associated with the corresponding + weight. properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. 
+ type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. 
When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. 
The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. properties: - name: - description: The header field - name - type: string - value: - description: The header field - value - type: string - required: - - name - - value + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. 
Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. 
properties: - name: - description: The header field - name - type: string - value: - description: The header field - value - type: string - required: - - name - - value + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. 
TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. 
- format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name - type: string - value: - description: The header field - value + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. type: string required: - - name - - value + - topologyKey type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. 
Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. 
The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified - as a DNS_LABEL. Each container in a pod must - have a unique name (DNS_LABEL). Cannot be - updated. - type: string - ports: - description: List of ports to expose from the - container. Not specifying a port here DOES - NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Modifying - this array with strategic merge patch may - corrupt the data. For more information See - https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the - external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. 
Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. This is a beta field and - requires enabling GRPCContainerProbe feature - gate. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." 
- type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable." 
+ weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. type: string required: - - name + - topologyKey type: object type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. 
More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object type: object - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. 
- properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. 
+ The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. 
The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + container: + description: Container is the main container image + to run in the pod + properties: + args: + description: 'Arguments to the entrypoint. The + container image''s CMD is used if this is + not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed + within a shell. The container image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event + when the container is starting. When a key + exists in multiple sources, the value associated + with the last source will take precedence. + Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if + :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and + restarted according to its restart policy. + Other management of the container blocks + until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. 
+ items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler + is not called if the container crashes + or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period (unless delayed by finalizers). 
+ Other management of the container blocks + until the hook completes or until the + termination grace period is reached. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. 
TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. 
+ format: int32 + type: integer + service: + description: "Service is the name of + the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. 
Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified + as a DNS_LABEL. Each container in a pod must + have a unique name (DNS_LABEL). Cannot be + updated. + type: string + ports: + description: List of ports to expose from the + container. 
Not specifying a port here DOES + NOT prevent that port from being exposed. + Any port which is listening on the default + "0.0.0.0" address inside a container will + be accessible from the network. Modifying + this array with strategic merge patch may + corrupt the data. For more information See + https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose + on the pod's IP address. This must be + a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the + external port to. + type: string + hostPort: + description: Number of port to expose + on the host. If specified, this must + be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must + match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from + service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and + requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of + the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. 
Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by + this container. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security + options the container should be run with. + If set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: + 1) run as Privileged 2) has CAP_SYS_ADMIN + Note that this field cannot be set when + spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by + the container runtime. Note that this + field cannot be set when spec.os.name + is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on + the host. Defaults to false. Note that + this field cannot be set when spec.os.name + is windows. + type: boolean + procMount: + description: procMount denotes the type + of proc mount to use for the containers. + The default is DefaultProcMount which + uses the container runtime defaults for + readonly paths and masked paths. This + requires the ProcMountType feature flag + to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default is + false. Note that this field cannot be + set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If 
@@ -34751,9 +37285,501 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough + information to let you locate the referenced + object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level + security attributes and common container settings. + Some fields are also present in container.securityContext. Field + values of container.securityContext take precedence + over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n + 1. The owning GID will be the FSGroup 2. The + setgid bit is set (new files created in the + volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership + and permissions of any volume. Note that this + field cannot be set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the + volume before being exposed inside Pod. This + field will only apply to volume types which + support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name + is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also + be set in SecurityContext. If set in both + SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the + containers in this pod. Note that this field + cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be preconfigured + on the node to work. Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. Valid + options are: \n Localhost - a profile + defined in a file on the node should be + used. RuntimeDefault - the container runtime + default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the + first process run in each container, in addition + to the container's primary GID, the fsGroup + (if specified), and group memberships defined + in the container image for the uid of the + container process. If unspecified, no additional + groups are added to any container. Note that + group memberships defined in the container + image for the uid of the container process + are still effective, even if they are not + included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced + sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail + to launch. Note that this field cannot be + set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will + be used. If set in both SecurityContext and + PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that + this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a + container should be run as a 'Host Process' + container. This field is alpha-level and + will only be honored by components that + enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed to + have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: LabelSelector is used to find + matching pods. 
Pods that match this label + selector are counted to determine the number + of pods in their corresponding topology + domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select the pods over which + spreading will be calculated. The keys are + used to lookup values from the incoming + pod labels, those key-value labels are ANDed + with labelSelector to select the group of + existing pods over which spreading will + be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between + the number of matching pods in the target + topology and the global minimum. The global + minimum is the minimum number of matching + pods in an eligible domain or zero if the + number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if + MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it + onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if + MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to + topologies that satisfy it. It''s a required + field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats \"global minimum\" as 0, and + then the calculation of Skew is performed. + And when the number of eligible domains + with matching topology keys equals or greater + than minDomains, this value has no effect + on scheduling. As a result, when the number + of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, + the constraint behaves as if MinDomains + is equal to 1. Valid values are integers + greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in + a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 + | | P P | P P | P P | The number of + domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot + be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any + of the three zones, it will violate MaxSkew. + \n This is a beta field and requires the + MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates + how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in + the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the + calculations. \n If this value is nil, the + behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how + we will treat node taints when calculating + pod topology spread skew. Options are: - + Honor: nodes without taints, along with + tainted nodes for which the incoming pod + has a toleration, are included. - Ignore: + node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is + a beta-level feature default enabled by + the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered + to be in the same topology. 
We consider + each as a "bucket", and try + to put balanced number of pods into each + bucket. We define a domain as a particular + instance of a topology. Also, we define + an eligible domain as a domain whose nodes + meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey + is "kubernetes.io/hostname", each Node is + a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone + is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates + how to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but + giving higher precedence to topologies that + would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on + some topology. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In + other words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can - be mounted by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container 
@@ -35647,35 +38673,246 @@ spec: description: driver is the name of the driver to use for this volume. type: string - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". The - default filesystem depends on FlexVolume - script. + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this + field holds extra command options if + any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the + plugin scripts. This may be empty if + no secret object is specified. If the + secret object contains more than one + secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host machine. + This depends on the Flocker control service + being running + properties: + datasetName: + description: datasetName is Name of the + dataset stored as metadata -> name on + the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of + the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached to + a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type + of the volume that you want to mount. + Tip: Ensure that the filesystem type + is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to mount. + If omitted, the default is to mount + by volume name. Examples: For volume + /dev/sda1, you specify the partition + as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave + the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of + the PD resource in GCE. Used to identify + the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository + at a particular revision. DEPRECATED: GitRepo + is deprecated. To provision a container + with a git repo, mount an EmptyDir into + an InitContainer that clones the repo using + git, then mount the EmptyDir into the Pod''s + container.' 
+ properties: + directory: + description: directory is the target directory + name. Must not contain or start with + '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain + the git repository in the subdirectory + with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash + for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs + mount on the host that shares a pod''s lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume + path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force + the Glusterfs volume to be mounted with + read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine that + is directly exposed to the container. This + is generally used for system agents or other + privileged things that are allowed to see + the host machine. Most containers will NOT + need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who + can use host directory mounts and who can/can + not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on + the host. 
If the path is a symlink, + it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume + Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk + resource that is attached to a kubelet''s + host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery CHAP + authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want to + mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if + unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom + iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, + new iSCSI interface : will be created for the connection. type: string - options: - additionalProperties: + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target + Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target + Portal List. 
The portal is either an + IP or ip_addr:port if the port is other + than default (typically TCP ports 860 + and 3260). + items: type: string - description: 'options is Optional: this - field holds extra command options if - any.' - type: object + type: array readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' + description: readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the - plugin scripts. This may be empty if - no secret object is specified. If the - secret object contains more than one - secret, all secrets are passed to the - plugin scripts.' + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. 
@@ -35684,160 +38921,496 @@ spec: kind, uid?' type: string type: object + targetPortal: + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or + ip_addr:port if the port is other than + default (typically TCP ports 860 and + 3260). + type: string required: - - driver + - iqn + - lun + - targetPortal type: object - flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running + name: + description: 'name of the volume. Must be + a DNS_LABEL and unique within the pod. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount + on the host that shares a pod''s lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: - datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated + path: + description: 'path that is exported by + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string - datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset + readOnly: + description: 'readOnly here will force + the NFS export to be mounted with read-only + permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or + IP address of the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string + required: + - path + - server type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: - fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type - is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave - the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of - the PD resource in GCE. Used to identify - the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + claimName: + description: 'claimName is the name of + a PersistentVolumeClaim in the same + namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. 
type: boolean required: - - pdName + - claimName type: object - gitRepo: - description: 'gitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container - with a git repo, mount an EmptyDir into - an InitContainer that clones the repo using - git, then mount the EmptyDir into the Pod''s - container.' + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine properties: - directory: - description: directory is the target directory - name. Must not contain or start with - '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain - the git repository in the subdirectory - with the given name. + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. type: string - repository: - description: repository is the URL + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk type: string - revision: - description: revision is the commit hash - for the specified revision. + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets + host machine + properties: + fsType: + description: fSType represents the filesystem + type to mount Must be a filesystem type + supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false + (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume type: string required: - - repository + - volumeID + type: object + projected: + description: projected items for all in one + resources secrets, configmaps, and downward + API + properties: + defaultMode: + description: defaultMode are the mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both + octal and decimal values, JSON requires + decimal values for mode bits. Directories + within the path are not affected by + this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be + projected along with other supported + volume types + properties: + configMap: + description: configMap information + about the configMap data to project + properties: + items: + description: items if unspecified, + each key-value pair in the + Data field of the referenced + ConfigMap will be projected + into the volume as a file + whose name is the key and + content is the value. If specified, + the listed keys will be projected + into the specified paths, + and unlisted keys will not + be present. If a key is specified + which is not present in the + ConfigMap, the volume setup + will error unless it is marked + optional. Paths must be relative + and may not contain the '..' + path or start with '..'. + items: + description: Maps a string + key to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: 'mode is + Optional: mode bits + used to set permissions + on this file. Must be + an octal value between + 0000 and 0777 or a decimal + value between 0 and + 511. 
YAML accepts both + octal and decimal values, + JSON requires decimal + values for mode bits. + If not specified, the + volume defaultMode will + be used. This might + be in conflict with + other options that affect + the file mode, like + fsGroup, and the result + can be other mode bits + set.' + format: int32 + type: integer + path: + description: path is the + relative path of the + file to map the key + to. May not be an absolute + path. May not contain + the path element '..'. + May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional specify + whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information + about the downwardAPI data to + project + properties: + items: + description: Items is a list + of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field of the + pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path + of the field to + select in the specified + API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: + mode bits used to set + permissions on this + file, must be an octal + value between 0000 and + 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and + decimal values, JSON + requires decimal values + for mode bits. 
If not + specified, the volume + defaultMode will be + used. This might be + in conflict with other + options that affect + the file mode, like + fsGroup, and the result + can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must + not be absolute or contain + the ''..'' path. Must + be utf-8 encoded. The + first item of the relative + path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of the container: + only resources limits + and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information + about the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in the + Data field of the referenced + Secret will be projected into + the volume as a file whose + name is the key and content + is the value. If specified, + the listed keys will be projected + into the specified paths, + and unlisted keys will not + be present. If a key is specified + which is not present in the + Secret, the volume setup will + error unless it is marked + optional. Paths must be relative + and may not contain the '..' + path or start with '..'. 
+ items: + description: Maps a string + key to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: 'mode is + Optional: mode bits + used to set permissions + on this file. Must be + an octal value between + 0000 and 0777 or a decimal + value between 0 and + 511. YAML accepts both + octal and decimal values, + JSON requires decimal + values for mode bits. + If not specified, the + volume defaultMode will + be used. This might + be in conflict with + other options that affect + the file mode, like + fsGroup, and the result + can be other mode bits + set.' + format: int32 + type: integer + path: + description: path is the + relative path of the + file to map the key + to. May not be an absolute + path. May not contain + the path element '..'. + May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional field + specify whether the Secret + or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken + is information about the serviceAccountToken + data to project + properties: + audience: + description: audience is the + intended audience of the token. + A recipient of a token must + identify itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. The + audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the token + approaches expiration, the + kubelet volume plugin will + proactively rotate the service + account token. 
The kubelet + will start trying to rotate + the token if the token is + older than 80 percent of its + time to live or if the token + is older than 24 hours.Defaults + to 1 hour and must be at least + 10 minutes. + format: int64 + type: integer + path: + description: path is the path + relative to the mount point + of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's lifetime properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + group: + description: group to map volume access + to Default is no group type: string readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted with + description: readOnly here will force + the Quobyte volume to be mounted with read-only permissions. Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on - the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + registry: + description: registry represents a single + or multiple Quobyte Registry services + specified as a string as host:port pair + (multiple entries are separated with + commas) which acts as the central registry + for volumes type: string - type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + tenant: + description: tenant owning the given Quobyte + volume in the Backend Used with dynamically + provisioned Quobyte volumes, value is + set by the plugin + type: string + user: + description: user to map volume access + to Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by + name. type: string required: - - path + - registry + - volume type: object - iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md' + rbd: + description: 'rbd represents a Rados Block + Device mount on the host that shares a pod''s + lifetime. 
More info: https://examples.k8s.io/volumes/rbd/README.md' properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery CHAP - authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean fsType: description: 'fsType is the filesystem type of the volume that you want to 
@@ -35845,48 +39418,39 @@ spec: type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string - initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. + image: + description: 'image is the rados image + name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string - iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). + keyring: + description: 'keyring is the path to key + ring for RBDUser. Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string - lun: - description: lun represents iSCSI Target - Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target - Portal List. The portal is either an - IP or ip_addr:port if the port is other - than default (typically TCP ports 860 - and 3260). + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array + pool: + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string readOnly: - description: readOnly here will force + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. + Defaults to false. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication + description: 'secretRef is name of the + authentication secret for RBDUser. If + provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: description: 'Name of the referent. 
@@ -35895,69 +39459,169 @@ spec: kind, uid?' type: string type: object - targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and - 3260). + user: + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - - iqn - - lun - - targetPortal + - image + - monitors type: object - name: - description: 'name of the volume. Must be - a DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted on + Kubernetes nodes. properties: - path: - description: 'path that is exported by - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default + is "xfs". + type: string + gateway: + description: gateway is the host address + of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for + the configured storage. type: string readOnly: - description: 'readOnly here will force - the NFS export to be mounted with read-only - permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: readOnly Defaults to false + (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean - server: - description: 'server is the hostname or - IP address of the NFS server. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' + secretRef: + description: secretRef references to the + secret for ScaleIO user and other sensitive + information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned + or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO + Storage Pool associated with the protection + domain. + type: string + system: + description: system is the name of the + storage system as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of + a volume already created in the ScaleIO + system that is associated with this + volume source. type: string required: - - path - - server + - gateway + - secretRef + - system type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + secret: + description: 'secret represents a secret that + should populate this volume. More info: + https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: - claimName: - description: 'claimName is the name of - a PersistentVolumeClaim in the same - namespace as the pod using this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions on + created files by default. Must be an + octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. Defaults to 0644. Directories + within the path are not affected by + this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each + key-value pair in the Data field of + the referenced Secret will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' 
+ format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined type: boolean - required: - - claimName + secretName: + description: 'secretName is the name of + the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. properties: fsType: description: fsType is the filesystem 
@@ -35966,770 +39630,1349 @@ spec: system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk + readOnly: + description: readOnly defaults to false + (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret + to use for obtaining the StorageOS API + credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within StorageOS. If + no namespace is specified then the Pod's + namespace will be used. This allows + the Kubernetes name scoping to be mirrored + within StorageOS for tighter integration. + Set VolumeName to any name to override + the default behaviour. Set to "default" + if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. type: string - required: - - pdID type: object - portworxVolume: - description: portworxVolume represents a portworx + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: - fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. + fsType: + description: fsType is filesystem type + to mount. 
Must be a filesystem type + supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the + storage Policy Based Management (SPBM) + profile name. + type: string + volumePath: + description: volumePath is the path that + identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + templateType: + type: string + timeChaos: + description: TimeChaosSpec defines the desired state + of TimeChaos + properties: + clockIds: + description: ClockIds defines all affected clock + id All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID", + "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM", + "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"] + items: + type: string + type: array + containerNames: + description: ContainerNames indicates list of the + name of affected container. If not set, the first + container will be injected + items: + type: string + type: array + duration: + description: Duration represents the duration of + the chaos action + type: string + mode: + description: 'Mode defines the mode to run chaos + action. Supported mode: one / all / fixed / fixed-percent + / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string + remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed + type: string + selector: + description: Selector is used to select pods that + are used to inject chaos action. 
+ properties: + annotationSelectors: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to select objects. A selector + based on annotations. + type: object + expressionSelectors: + description: a slice of label selector expressions + that can be used to select objects. A list + of selectors based on set-based label expressions. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array required: - - volumeID + - key + - operator type: object - projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API - properties: - defaultMode: - description: defaultMode are the mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by - this setting. 
This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume - projections - items: - description: Projection that may be - projected along with other supported - volume types - properties: - configMap: - description: configMap information - about the configMap data to project - properties: - items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, - and unlisted keys will not - be present. If a key is specified - which is not present in the - ConfigMap, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - items: - description: Maps a string - key to a path within a volume. - properties: - key: - description: key is the - key to project. - type: string - mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must be - an octal value between - 0000 and 0777 or a decimal - value between 0 and - 511. YAML accepts both - octal and decimal values, - JSON requires decimal - values for mode bits. - If not specified, the - volume defaultMode will - be used. This might - be in conflict with - other options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set.' - format: int32 - type: integer - path: - description: path is the - relative path of the - file to map the key - to. May not be an absolute - path. May not contain - the path element '..'. - May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional specify - whether the ConfigMap or its - keys must be defined - type: boolean - type: object - downwardAPI: - description: downwardAPI information - about the downwardAPI data to - project - properties: - items: - description: Items is a list - of DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field to - select in the specified - API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: - mode bits used to set - permissions on this - file, must be an octal - value between 0000 and - 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and - decimal values, JSON - requires decimal values - for mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or contain - the ''..'' path. Must - be utf-8 encoded. 
The - first item of the relative - path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: secret information - about the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected into - the volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be projected - into the specified paths, - and unlisted keys will not - be present. If a key is specified - which is not present in the - Secret, the volume setup will - error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - items: - description: Maps a string - key to a path within a volume. - properties: - key: - description: key is the - key to project. - type: string - mode: - description: 'mode is - Optional: mode bits - used to set permissions - on this file. Must be - an octal value between - 0000 and 0777 or a decimal - value between 0 and - 511. YAML accepts both - octal and decimal values, - JSON requires decimal - values for mode bits. 
- If not specified, the - volume defaultMode will - be used. This might - be in conflict with - other options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set.' - format: int32 - type: integer - path: - description: path is the - relative path of the - file to map the key - to. May not be an absolute - path. May not contain - the path element '..'. - May not start with the - string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional field - specify whether the Secret - or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project - properties: - audience: - description: audience is the - intended audience of the token. - A recipient of a token must - identify itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. The - audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of its - time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. - format: int64 - type: integer - path: - description: path is the path - relative to the mount point - of the file to project the - token into. 
- type: string - required: - - path - type: object - type: object + type: array + fieldSelectors: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to select objects. A selector + based on fields. + type: object + labelSelectors: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to select objects. A selector + based on labels. + type: object + namespaces: + description: Namespaces is a set of namespace + to which objects belong. + items: + type: string + type: array + nodeSelectors: + additionalProperties: + type: string + description: Map of string keys and values that + can be used to select nodes. Selector which + must match a node's labels, and objects must + belong to these selected nodes. + type: object + nodes: + description: Nodes is a set of node name and + objects must belong to these nodes. + items: + type: string + type: array + podPhaseSelectors: + description: 'PodPhaseSelectors is a set of + condition of a pod at the current time. supported + value: Pending / Running / Succeeded / Failed + / Unknown' + items: + type: string + type: array + pods: + additionalProperties: + items: + type: string + type: array + description: Pods is a map of string keys and + a set values that used to select pods. The + key defines the namespace which pods belong, + and the each values is a set of pod names. + type: object + type: object + timeOffset: + description: TimeOffset defines the delta time of + injected program. It's a possibly signed sequence + of decimal numbers, such as "300ms", "-1.5h" or + "2h45m". Valid time units are "ns", "us" (or "µs"), + "ms", "s", "m", "h". + type: string + value: + description: Value is required when the mode is + set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. + If `FixedMode`, provide an integer of pods to + do chaos action. 
If `FixedPercentMode`, provide + a number from 0-100 to specify the percent of + pods the server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent + of pods to do chaos action + type: string + required: + - mode + - selector + - timeOffset + type: object + required: + - name + - templateType + type: object + type: array + required: + - entry + - templates + type: object + required: + - schedule + - type + type: object + startTime: + format: date-time + type: string + statusCheck: + description: StatusCheck describe the behavior of StatusCheck. Only + used when Type is TypeStatusCheck. + properties: + duration: + description: Duration defines the duration of the whole status + check if the number of failed execution does not exceed the + failure threshold. Duration is available to both `Synchronous` + and `Continuous` mode. A duration string is a possibly signed + sequence of decimal numbers, each with optional fraction and + a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time + units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + type: string + failureThreshold: + default: 3 + description: FailureThreshold defines the minimum consecutive + failure for the status check to be considered failed. + minimum: 1 + type: integer + http: + properties: + body: + type: string + criteria: + description: Criteria defines how to determine the result + of the status check. + properties: + statusCode: + description: StatusCode defines the expected http status + code for the request. A statusCode string could be a + single code (e.g. 200), or an inclusive range (e.g. + 200-400, both `200` and `400` are included). + type: string + required: + - statusCode + type: object + headers: + additionalProperties: + items: + type: string + type: array + description: "A Header represents the key-value pairs in an + HTTP header. \n The keys should be in canonical form, as + returned by CanonicalHeaderKey." 
+ type: object + method: + default: GET + enum: + - GET + - POST + type: string + url: + type: string + required: + - criteria + - url + type: object + intervalSeconds: + default: 10 + description: IntervalSeconds defines how often (in seconds) to + perform an execution of status check. + minimum: 1 + type: integer + mode: + description: 'Mode defines the execution mode of the status check. + Support type: Synchronous / Continuous' + enum: + - Synchronous + - Continuous + type: string + recordsHistoryLimit: + default: 100 + description: RecordsHistoryLimit defines the number of record + to retain. + maximum: 1000 + minimum: 1 + type: integer + successThreshold: + default: 1 + description: SuccessThreshold defines the minimum consecutive + successes for the status check to be considered successful. + SuccessThreshold only works for `Synchronous` mode. + minimum: 1 + type: integer + timeoutSeconds: + default: 1 + description: TimeoutSeconds defines the number of seconds after + which an execution of status check times out. + minimum: 1 + type: integer + type: + default: HTTP + description: 'Type defines the specific status check type. Support + type: HTTP' + enum: + - HTTP + type: string + required: + - type + type: object + stressChaos: + description: StressChaosSpec defines the desired state of StressChaos + properties: + containerNames: + description: ContainerNames indicates list of the name of affected + container. If not set, the first container will be injected + items: + type: string + type: array + duration: + description: Duration represents the duration of the chaos action + type: string + mode: + description: 'Mode defines the mode to run chaos action. 
Supported + mode: one / all / fixed / fixed-percent / random-max-percent' + enum: + - one + - all + - fixed + - fixed-percent + - random-max-percent + type: string + remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed + type: string + selector: + description: Selector is used to select pods that are used to + inject chaos action. + properties: + annotationSelectors: + additionalProperties: + type: string + description: Map of string keys and values that can be used + to select objects. A selector based on annotations. + type: object + expressionSelectors: + description: a slice of label selector expressions that can + be used to select objects. A list of selectors based on + set-based label expressions. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + fieldSelectors: + additionalProperties: + type: string + description: Map of string keys and values that can be used + to select objects. A selector based on fields. + type: object + labelSelectors: + additionalProperties: + type: string + description: Map of string keys and values that can be used + to select objects. A selector based on labels. 
+ type: object + namespaces: + description: Namespaces is a set of namespace to which objects + belong. + items: + type: string + type: array + nodeSelectors: + additionalProperties: + type: string + description: Map of string keys and values that can be used + to select nodes. Selector which must match a node's labels, + and objects must belong to these selected nodes. + type: object + nodes: + description: Nodes is a set of node name and objects must + belong to these nodes. + items: + type: string + type: array + podPhaseSelectors: + description: 'PodPhaseSelectors is a set of condition of a + pod at the current time. supported value: Pending / Running + / Succeeded / Failed / Unknown' + items: + type: string + type: array + pods: + additionalProperties: + items: + type: string + type: array + description: Pods is a map of string keys and a set values + that used to select pods. The key defines the namespace + which pods belong, and the each values is a set of pod names. + type: object + type: object + stressngStressors: + description: StressngStressors defines plenty of stressors just + like `Stressors` except that it's an experimental feature and + more powerful. You can define stressors in `stress-ng` (see + also `man stress-ng`) dialect, however not all of the supported + stressors are well tested. It maybe retired in later releases. + You should always use `Stressors` to define the stressors and + use this only when you want more stressors unsupported by `Stressors`. + When both `StressngStressors` and `Stressors` are defined, `StressngStressors` + wins. + type: string + stressors: + description: Stressors defines plenty of stressors supported to + stress system components out. You can use one or more of them + to make up various kinds of stresses. At least one of the stressors + should be specified. + properties: + cpu: + description: CPUStressor stresses CPU out + properties: + load: + description: Load specifies P percent loading per CPU + worker. 
0 is effectively a sleep (no load) and 100 is + full loading. + maximum: 100 + minimum: 0 + type: integer + options: + description: extend stress-ng options + items: + type: string + type: array + workers: + description: Workers specifies N workers to apply the + stressor. Maximum 8192 workers can run by stress-ng + maximum: 8192 + type: integer + required: + - workers + type: object + memory: + description: MemoryStressor stresses virtual memory out + properties: + oomScoreAdj: + default: 0 + description: OOMScoreAdj sets the oom_score_adj of the + stress process. See `man 5 proc` to know more about + this option. + maximum: 1000 + minimum: -1000 + type: integer + options: + description: extend stress-ng options + items: + type: string + type: array + size: + description: Size specifies N bytes consumed per vm worker, + default is the total available memory. One can specify + the size as % of total available memory or in units + of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB. + type: string + workers: + description: Workers specifies N workers to apply the + stressor. Maximum 8192 workers can run by stress-ng + maximum: 8192 + type: integer + required: + - workers + type: object + type: object + value: + description: Value is required when the mode is set to `FixedMode` + / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, + provide an integer of pods to do chaos action. If `FixedPercentMode`, + provide a number from 0-100 to specify the percent of pods the + server can do chaos action. IF `RandomMaxPercentMode`, provide + a number from 0-100 to specify the max percent of pods to do + chaos action + type: string + required: + - mode + - selector + type: object + task: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string type: array + required: + - key + - operator type: object - quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's lifetime + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to false. - type: boolean - registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with - commas) which acts as the central registry - for volumes + key: + description: The label key that the selector + applies to. type: string - tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string - user: - description: user to map volume access - to Defaults to serivceaccount user + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. type: string - volume: - description: volume is a string that references - an already created Quobyte volume by - name. + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array required: - - registry - - volume + - key + - operator type: object - rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want to - mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if - unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' + key: + description: The label key that the selector + applies to. type: string - image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. type: string - keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string - monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array - pool: - description: 'pool is the rados pool name. - Default is rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the - authentication secret for RBDUser. If - provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string required: - - image - - monitors + - key + - operator type: object - scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted on - Kubernetes nodes. + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Default - is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for - the configured storage. - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false - type: boolean - storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. - type: string - system: - description: system is the name of the - storage system as configured in ScaleIO. + key: + description: key is the label key that + the selector applies to. type: string - volumeName: - description: volumeName is the name of - a volume already created in the ScaleIO - system that is associated with this - volume source. 
+ operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array required: - - gateway - - secretRef - - system + - key + - operator type: object - secret: - description: 'secret represents a secret that - should populate this volume. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions on - created files by default. Must be an - octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected by - this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
items: - description: items If unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the Secret, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 or - a decimal value between 0 and - 511. YAML accepts both octal and - decimal values, JSON requires - decimal values for mode bits. - If not specified, the volume defaultMode - will be used. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. 
If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator type: object - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows - the Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. 
+ type: array + matchLabels: + additionalProperties: type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets - host machine + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: - fsType: - description: fsType is filesystem type - to mount. Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the - storage Policy Based Management (SPBM) - profile name. + key: + description: key is the label key that + the selector applies to. type: string - volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array required: - - volumePath + - key + - operator type: object - required: - - name - type: object - type: array - type: object - templateType: - type: string - timeChaos: - description: TimeChaosSpec defines the desired state - of TimeChaos - properties: - clockIds: - description: ClockIds defines all affected clock - id All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID", - "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM", - "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"] - items: - type: string - type: array - containerNames: - description: ContainerNames indicates list of the - name of affected container. If not set, the first - container will be injected - items: - type: string - type: array - duration: - description: Duration represents the duration of - the chaos action - type: string - mode: - description: 'Mode defines the mode to run chaos - action. Supported mode: one / all / fixed / fixed-percent - / random-max-percent' - enum: - - one - - all - - fixed - - fixed-percent - - random-max-percent - type: string - remoteCluster: - description: RemoteCluster represents the remote - cluster where the chaos will be deployed - type: string - selector: - description: Selector is used to select pods that - are used to inject chaos action. - properties: - annotationSelectors: + type: array + matchLabels: additionalProperties: type: string - description: Map of string keys and values that - can be used to select objects. A selector - based on annotations. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
type: object - expressionSelectors: - description: a slice of label selector expressions - that can be used to select objects. A list - of selectors based on set-based label expressions. + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: description: A label selector requirement is a selector that contains values, a key, 
@@ -36762,399 +41005,44 @@ spec: - operator type: object type: array - fieldSelectors: - additionalProperties: - type: string - description: Map of string keys and values that - can be used to select objects. A selector - based on fields. - type: object - labelSelectors: - additionalProperties: - type: string - description: Map of string keys and values that - can be used to select objects. A selector - based on labels. - type: object - namespaces: - description: Namespaces is a set of namespace - to which objects belong. - items: - type: string - type: array - nodeSelectors: + matchLabels: additionalProperties: type: string - description: Map of string keys and values that - can be used to select nodes. Selector which - must match a node's labels, and objects must - belong to these selected nodes. - type: object - nodes: - description: Nodes is a set of node name and - objects must belong to these nodes. - items: - type: string - type: array - podPhaseSelectors: - description: 'PodPhaseSelectors is a set of - condition of a pod at the current time. supported - value: Pending / Running / Succeeded / Failed - / Unknown' - items: - type: string - type: array - pods: - additionalProperties: - items: - type: string - type: array - description: Pods is a map of string keys and - a set values that used to select pods. The - key defines the namespace which pods belong, - and the each values is a set of pod names. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object - timeOffset: - description: TimeOffset defines the delta time of - injected program. It's a possibly signed sequence - of decimal numbers, such as "300ms", "-1.5h" or - "2h45m". Valid time units are "ns", "us" (or "µs"), - "ms", "s", "m", "h". 
- type: string - value: - description: Value is required when the mode is - set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`. - If `FixedMode`, provide an integer of pods to - do chaos action. If `FixedPercentMode`, provide - a number from 0-100 to specify the percent of - pods the server can do chaos action. IF `RandomMaxPercentMode`, provide - a number from 0-100 to specify the max percent - of pods to do chaos action + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - - mode - - selector - - timeOffset + - topologyKey type: object - required: - - name - - templateType - type: object - type: array - required: - - entry - - templates - type: object - required: - - schedule - - type - type: object - startTime: - format: date-time - type: string - statusCheck: - description: StatusCheck describe the behavior of StatusCheck. Only - used when Type is TypeStatusCheck. - properties: - duration: - description: Duration defines the duration of the whole status - check if the number of failed execution does not exceed the - failure threshold. Duration is available to both `Synchronous` - and `Continuous` mode. 
A duration string is a possibly signed - sequence of decimal numbers, each with optional fraction and - a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time - units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - type: string - failureThreshold: - default: 3 - description: FailureThreshold defines the minimum consecutive - failure for the status check to be considered failed. - minimum: 1 - type: integer - http: - properties: - body: - type: string - criteria: - description: Criteria defines how to determine the result - of the status check. - properties: - statusCode: - description: StatusCode defines the expected http status - code for the request. A statusCode string could be a - single code (e.g. 200), or an inclusive range (e.g. - 200-400, both `200` and `400` are included). - type: string - required: - - statusCode - type: object - headers: - additionalProperties: - items: - type: string - type: array - description: "A Header represents the key-value pairs in an - HTTP header. \n The keys should be in canonical form, as - returned by CanonicalHeaderKey." - type: object - method: - default: GET - enum: - - GET - - POST - type: string - url: - type: string - required: - - criteria - - url - type: object - intervalSeconds: - default: 10 - description: IntervalSeconds defines how often (in seconds) to - perform an execution of status check. - minimum: 1 - type: integer - mode: - description: 'Mode defines the execution mode of the status check. - Support type: Synchronous / Continuous' - enum: - - Synchronous - - Continuous - type: string - recordsHistoryLimit: - default: 100 - description: RecordsHistoryLimit defines the number of record - to retain. - maximum: 1000 - minimum: 1 - type: integer - successThreshold: - default: 1 - description: SuccessThreshold defines the minimum consecutive - successes for the status check to be considered successful. - SuccessThreshold only works for `Synchronous` mode. 
- minimum: 1 - type: integer - timeoutSeconds: - default: 1 - description: TimeoutSeconds defines the number of seconds after - which an execution of status check times out. - minimum: 1 - type: integer - type: - default: HTTP - description: 'Type defines the specific status check type. Support - type: HTTP' - enum: - - HTTP - type: string - required: - - type - type: object - stressChaos: - description: StressChaosSpec defines the desired state of StressChaos - properties: - containerNames: - description: ContainerNames indicates list of the name of affected - container. If not set, the first container will be injected - items: - type: string - type: array - duration: - description: Duration represents the duration of the chaos action - type: string - mode: - description: 'Mode defines the mode to run chaos action. Supported - mode: one / all / fixed / fixed-percent / random-max-percent' - enum: - - one - - all - - fixed - - fixed-percent - - random-max-percent - type: string - remoteCluster: - description: RemoteCluster represents the remote cluster where - the chaos will be deployed - type: string - selector: - description: Selector is used to select pods that are used to - inject chaos action. - properties: - annotationSelectors: - additionalProperties: - type: string - description: Map of string keys and values that can be used - to select objects. A selector based on annotations. - type: object - expressionSelectors: - description: a slice of label selector expressions that can - be used to select objects. A list of selectors based on - set-based label expressions. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. 
- type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - fieldSelectors: - additionalProperties: - type: string - description: Map of string keys and values that can be used - to select objects. A selector based on fields. - type: object - labelSelectors: - additionalProperties: - type: string - description: Map of string keys and values that can be used - to select objects. A selector based on labels. - type: object - namespaces: - description: Namespaces is a set of namespace to which objects - belong. - items: - type: string - type: array - nodeSelectors: - additionalProperties: - type: string - description: Map of string keys and values that can be used - to select nodes. Selector which must match a node's labels, - and objects must belong to these selected nodes. - type: object - nodes: - description: Nodes is a set of node name and objects must - belong to these nodes. - items: - type: string - type: array - podPhaseSelectors: - description: 'PodPhaseSelectors is a set of condition of a - pod at the current time. supported value: Pending / Running - / Succeeded / Failed / Unknown' - items: - type: string - type: array - pods: - additionalProperties: - items: - type: string - type: array - description: Pods is a map of string keys and a set values - that used to select pods. The key defines the namespace - which pods belong, and the each values is a set of pod names. - type: object - type: object - stressngStressors: - description: StressngStressors defines plenty of stressors just - like `Stressors` except that it's an experimental feature and - more powerful. 
You can define stressors in `stress-ng` (see - also `man stress-ng`) dialect, however not all of the supported - stressors are well tested. It maybe retired in later releases. - You should always use `Stressors` to define the stressors and - use this only when you want more stressors unsupported by `Stressors`. - When both `StressngStressors` and `Stressors` are defined, `StressngStressors` - wins. - type: string - stressors: - description: Stressors defines plenty of stressors supported to - stress system components out. You can use one or more of them - to make up various kinds of stresses. At least one of the stressors - should be specified. - properties: - cpu: - description: CPUStressor stresses CPU out - properties: - load: - description: Load specifies P percent loading per CPU - worker. 0 is effectively a sleep (no load) and 100 is - full loading. - maximum: 100 - minimum: 0 - type: integer - options: - description: extend stress-ng options - items: - type: string type: array - workers: - description: Workers specifies N workers to apply the - stressor. Maximum 8192 workers can run by stress-ng - maximum: 8192 - type: integer - required: - - workers - type: object - memory: - description: MemoryStressor stresses virtual memory out - properties: - oomScoreAdj: - default: 0 - description: OOMScoreAdj sets the oom_score_adj of the - stress process. See `man 5 proc` to know more about - this option. - maximum: 1000 - minimum: -1000 - type: integer - options: - description: extend stress-ng options - items: - type: string - type: array - size: - description: Size specifies N bytes consumed per vm worker, - default is the total available memory. One can specify - the size as % of total available memory or in units - of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB. - type: string - workers: - description: Workers specifies N workers to apply the - stressor. 
Maximum 8192 workers can run by stress-ng - maximum: 8192 - type: integer - required: - - workers type: object type: object - value: - description: Value is required when the mode is set to `FixedMode` - / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, - provide an integer of pods to do chaos action. If `FixedPercentMode`, - provide a number from 0-100 to specify the percent of pods the - server can do chaos action. IF `RandomMaxPercentMode`, provide - a number from 0-100 to specify the max percent of pods to do - chaos action - type: string - required: - - mode - - selector - type: object - task: - properties: + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
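Review bot: `automountServiceAccountToken` is added at the end of this hunk with only `type: boolean`, and the next hunk (`@@ -38406,9 +42294,421 @@`) adds `serviceAccountName`, `nodeSelector` and `imagePullSecrets` the same way, with no description, while also dropping the existing description of `volumes`. Together with the new pod-level `securityContext` and `tolerations`, these fields appear to let whoever can create the resource choose the identity and node placement of the task pod, so they are the ones that most need documenting and, presumably, constraining through RBAC or admission policy. If this manifest is generated from the Go types, the fix belongs on the struct fields, e.g. `// ServiceAccountName is the name of the service account the task pod runs as.` and `// AutomountServiceAccountToken controls whether the service account token is mounted into the task pod.`, and the `volumes` comment should be restored. The properties block that holds `container` starts before this hunk and continues past it.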
@@ -38406,9 +42294,421 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this value is + nil, the behavior is equivalent to the Honor policy. This + is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All nodes + are included. \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be mounted - by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
@@ -47085,6 +51385,927 @@ spec: description: Task describes the behavior of the custom task. Only used when Type is TypeTask. properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling + rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. 
If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. 
due to an update), the system may or may + not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. 
If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". 
+ An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean container: description: Container is the main container image to run in the pod 
@@ -48395,9 +53616,450 @@ spec: required: - name type: object + imagePullSecrets: + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + securityContext: + description: PodSecurityContext holds pod-level security + attributes and common container settings. Some fields + are also present in container.securityContext. Field + values of container.securityContext take precedence over + field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume + to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files + created in the volume will be owned by FSGroup) 3. + The permission bits are OR'd with rw-rw---- \n If + unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot + be set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral + volume types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". If + not specified, "Always" is used. Note that this field + cannot be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if + it does. If unset or false, no such validation will + be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be + set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime + will allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n + Localhost - a profile defined in a file on the + node should be used. RuntimeDefault - the container + runtime default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group + memberships defined in the container image for the + uid of the container process. If unspecified, no additional + groups are added to any container. Note that group + memberships defined in the container image for the + uid of the container process are still effective, + even if they are not included in this list. Note that + this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. Note + that this field cannot be set when spec.os.name is + windows. 
+ items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within + a container's SecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the + Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to + spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading will + be calculated. The keys are used to lookup values + from the incoming pod labels, those key-value labels + are ANDed with labelSelector to select the group + of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the + incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less than + minDomains, Pod Topology Spread treats \"global + minimum\" as 0, and then the calculation of Skew + is performed. And when the number of eligible domains + with matching topology keys equals or greater than + minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains + is less than minDomains, scheduler won't schedule + more than maxSkew Pods to those domains. If value + is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater + than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a 3-zone + cluster, MaxSkew is set to 2, MinDomains is set + to 5 and pods with the same labelSelector spread + as 2/2/2: | zone1 | zone2 | zone3 | | P P | P + P | P P | The number of domains is less than + 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is + a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we + will treat Pod's nodeAffinity/nodeSelector when + calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will + treat node taints when calculating pod topology + spread skew. Options are: - Honor: nodes without + taints, along with tainted nodes for which the incoming + pod has a toleration, are included. - Ignore: node + taints are ignored. All nodes are included. \n If + this value is nil, the behavior is equivalent to + the Ignore policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. 
+ We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P + P | P | P | If WhenUnsatisfiable is set + to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map volumes: - description: Volumes is a list of volumes that can be mounted - by containers in a template. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
diff --git a/pkg/dashboard/swaggerdocs/docs.go b/pkg/dashboard/swaggerdocs/docs.go index 3ac4d88c01..1faea1ecd9 100644 --- a/pkg/dashboard/swaggerdocs/docs.go +++ b/pkg/dashboard/swaggerdocs/docs.go @@ -3020,6 +3020,23 @@ const docTemplate = `{ } } }, + "v1.Affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.\n+optional", + "$ref": "#/definitions/v1.NodeAffinity" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).\n+optional", + "$ref": "#/definitions/v1.PodAffinity" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).\n+optional", + "$ref": "#/definitions/v1.PodAntiAffinity" + } + } + }, "v1.AzureDiskVolumeSource": { "type": "object", "properties": { 
@@ -3911,6 +3928,73 @@ const docTemplate = `{ } } }, + "v1.NodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.PreferredSchedulingTerm" + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.\n+optional", + "$ref": "#/definitions/v1.NodeSelector" + } + } + }, + "v1.NodeSelector": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", + "items": { + "$ref": "#/definitions/v1.NodeSelectorTerm" + } + } + } + }, + "v1.NodeSelectorRequirement": { + "type": "object", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.\n+optional", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "v1.NodeSelectorTerm": { + "type": "object", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.NodeSelectorRequirement" + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.NodeSelectorRequirement" + } + } + } + }, "v1.ObjectFieldSelector": { "type": "object", "properties": { 
@@ -4136,6 +4220,119 @@ const docTemplate = `{ } } }, + "v1.PodAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.WeightedPodAffinityTerm" + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. 
all terms must be satisfied.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.PodAffinityTerm" + } + } + } + }, + "v1.PodAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\n+optional", + "$ref": "#/definitions/v1.LabelSelector" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.\n+optional", + "$ref": "#/definitions/v1.LabelSelector" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".\n+optional", + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + } + }, + "v1.PodAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. 
The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.WeightedPodAffinityTerm" + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.PodAffinityTerm" + } + } + } + }, + "v1.PodSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. 
The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\n+optional", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. 
If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "$ref": "#/definitions/v1.SELinuxOptions" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "$ref": "#/definitions/v1.SeccompProfile" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.Sysctl" + } + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.\n+optional", + "$ref": "#/definitions/v1.WindowsSecurityContextOptions" + } + } + }, "v1.PortworxVolumeSource": { "type": "object", "properties": { @@ -4153,6 +4350,19 @@ const docTemplate = `{ } } }, + "v1.PreferredSchedulingTerm": { + "type": "object", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "$ref": "#/definitions/v1.NodeSelectorTerm" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer" + } + } + }, "v1.Probe": { "type": "object", "properties": { @@ -4579,6 +4789,19 @@ const docTemplate = `{ } } }, + "v1.Sysctl": { + "type": "object", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + } + }, "v1.TCPSocketAction": { "type": "object", "properties": { 
@@ -4592,6 +4815,71 @@ const docTemplate = `{ } } }, + "v1.Toleration": { + "type": "object", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional", + "type": "string" + } + } + }, + "v1.TopologySpreadConstraint": { + "type": "object", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.\n+optional", + "$ref": "#/definitions/v1.LabelSelector" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. Keys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n+listType=atomic\n+optional", + "type": "array", + "items": { + "type": "string" + } + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen ` + "`" + `whenUnsatisfiable=DoNotSchedule` + "`" + `, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n+-------+-------+-------+\n| zone1 | zone2 | zone3 |\n+-------+-------+-------+\n| P P | P P | P |\n+-------+-------+-------+\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen ` + "`" + `whenUnsatisfiable=ScheduleAnyway` + "`" + `, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. 
Default value is 1 and 0 is not allowed.", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n+-------+-------+-------+\n| zone1 | zone2 | zone3 |\n+-------+-------+-------+\n| P P | P P | P P |\n+-------+-------+-------+\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).\n+optional", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. 
All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.\n+optional", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.\n+optional", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n+-------+-------+-------+\n| zone1 | zone2 | zone3 |\n+-------+-------+-------+\n| P P P | P | P |\n+-------+-------+-------+\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + } + }, "v1.TypedLocalObjectReference": { "type": "object", "properties": { @@ -4839,6 +5127,19 @@ const docTemplate = `{ } } }, + "v1.WeightedPodAffinityTerm": { + "type": "object", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "$ref": "#/definitions/v1.PodAffinityTerm" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer" + } + } + }, "v1.WindowsSecurityContextOptions": { "type": "object", "properties": { 
@@ -7563,12 +7864,64 @@ const docTemplate = `{ "v1alpha1.Task": { "type": "object", "properties": { + "activeDeadlineSeconds": { + "description": "+optional", + "type": "integer" + }, + "affinity": { + "description": "+optional", + "$ref": "#/definitions/v1.Affinity" + }, + "automountServiceAccountToken": { + "description": "+optional", + "type": "boolean" + }, "container": { "description": "Container is the main container image to run in the pod", "$ref": "#/definitions/v1.Container" }, + "imagePullSecrets": { + "description": "+optional\n+patchMergeKey=name\n+patchStrategy=merge", + "type": "array", + "items": { + "$ref": "#/definitions/v1.LocalObjectReference" + } + }, + "nodeSelector": { + "description": "+optional\n+mapType=atomic", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "securityContext": { + "description": "+optional", + "$ref": "#/definitions/v1.PodSecurityContext" + }, + "serviceAccountName": { + "description": "+optional", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "+optional", + "type": "integer" + }, + "tolerations": { + "description": "+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.Toleration" + } + }, + "topologySpreadConstraints": { + "description": "+optional\n+patchMergeKey=topologyKey\n+patchStrategy=merge\n+listType=map\n+listMapKey=topologyKey\n+listMapKey=whenUnsatisfiable", + "type": "array", + "items": { + "$ref": "#/definitions/v1.TopologySpreadConstraint" + } + }, "volumes": { - "description": "Volumes is a list of volumes that can be mounted by containers in a template.\n+patchStrategy=merge\n+patchMergeKey=name", + "description": "+optional\n+patchMergeKey=name\n+patchStrategy=merge,retainKeys", "type": "array", "items": { "$ref": "#/definitions/v1.Volume" diff --git a/pkg/dashboard/swaggerdocs/swagger.json b/pkg/dashboard/swaggerdocs/swagger.json index 54ea4c803a..1d44200962 100644 --- a/pkg/dashboard/swaggerdocs/swagger.json 
+++ b/pkg/dashboard/swaggerdocs/swagger.json @@ -3012,6 +3012,23 @@ } } }, + "v1.Affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.\n+optional", + "$ref": "#/definitions/v1.NodeAffinity" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).\n+optional", + "$ref": "#/definitions/v1.PodAffinity" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).\n+optional", + "$ref": "#/definitions/v1.PodAntiAffinity" + } + } + }, "v1.AzureDiskVolumeSource": { "type": "object", "properties": { 
@@ -3903,6 +3920,73 @@ } } }, + "v1.NodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.PreferredSchedulingTerm" + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.\n+optional", + "$ref": "#/definitions/v1.NodeSelector" + } + } + }, + "v1.NodeSelector": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", + "items": { + "$ref": "#/definitions/v1.NodeSelectorTerm" + } + } + } + }, + "v1.NodeSelectorRequirement": { + "type": "object", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.\n+optional", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "v1.NodeSelectorTerm": { + "type": "object", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.NodeSelectorRequirement" + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.NodeSelectorRequirement" + } + } + } + }, "v1.ObjectFieldSelector": { "type": "object", "properties": { 
@@ -4128,6 +4212,119 @@ } } }, + "v1.PodAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.WeightedPodAffinityTerm" + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. 
all terms must be satisfied.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.PodAffinityTerm" + } + } + } + }, + "v1.PodAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\n+optional", + "$ref": "#/definitions/v1.LabelSelector" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.\n+optional", + "$ref": "#/definitions/v1.LabelSelector" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".\n+optional", + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + } + }, + "v1.PodAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. 
The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.WeightedPodAffinityTerm" + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.PodAffinityTerm" + } + } + } + }, + "v1.PodSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. 
The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\n+optional", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. 
If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "$ref": "#/definitions/v1.SELinuxOptions" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "$ref": "#/definitions/v1.SeccompProfile" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.\n+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.Sysctl" + } + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.\n+optional", + "$ref": "#/definitions/v1.WindowsSecurityContextOptions" + } + } + }, "v1.PortworxVolumeSource": { "type": "object", "properties": { @@ -4145,6 +4342,19 @@ } } }, + "v1.PreferredSchedulingTerm": { + "type": "object", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "$ref": "#/definitions/v1.NodeSelectorTerm" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer" + } + } + }, "v1.Probe": { "type": "object", "properties": { @@ -4571,6 +4781,19 @@ } } }, + "v1.Sysctl": { + "type": "object", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + } + }, "v1.TCPSocketAction": { "type": "object", "properties": { 
@@ -4584,6 +4807,71 @@ } } }, + "v1.Toleration": { + "type": "object", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional", + "type": "string" + } + } + }, + "v1.TopologySpreadConstraint": { + "type": "object", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.\n+optional", + "$ref": "#/definitions/v1.LabelSelector" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. 
The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. Keys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n+listType=atomic\n+optional", + "type": "array", + "items": { + "type": "string" + } + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n+-------+-------+-------+\n| zone1 | zone2 | zone3 |\n+-------+-------+-------+\n| P P | P P | P |\n+-------+-------+-------+\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. 
Default value is 1 and 0 is not allowed.", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n+-------+-------+-------+\n| zone1 | zone2 | zone3 |\n+-------+-------+-------+\n| P P | P P | P P |\n+-------+-------+-------+\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).\n+optional", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. 
All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.\n+optional", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.\n+optional", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. 
If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n+-------+-------+-------+\n| zone1 | zone2 | zone3 |\n+-------+-------+-------+\n| P P P | P | P |\n+-------+-------+-------+\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + } + }, "v1.TypedLocalObjectReference": { "type": "object", "properties": { @@ -4831,6 +5119,19 @@ } } }, + "v1.WeightedPodAffinityTerm": { + "type": "object", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "$ref": "#/definitions/v1.PodAffinityTerm" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer" + } + } + }, "v1.WindowsSecurityContextOptions": { "type": "object", "properties": { 
@@ -7555,12 +7856,64 @@ "v1alpha1.Task": { "type": "object", "properties": { + "activeDeadlineSeconds": { + "description": "+optional", + "type": "integer" + }, + "affinity": { + "description": "+optional", + "$ref": "#/definitions/v1.Affinity" + }, + "automountServiceAccountToken": { + "description": "+optional", + "type": "boolean" + }, "container": { "description": "Container is the main container image to run in the pod", "$ref": "#/definitions/v1.Container" }, + "imagePullSecrets": { + "description": "+optional\n+patchMergeKey=name\n+patchStrategy=merge", + "type": "array", + "items": { + "$ref": "#/definitions/v1.LocalObjectReference" + } + }, + "nodeSelector": { + "description": "+optional\n+mapType=atomic", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "securityContext": { + "description": "+optional", + "$ref": "#/definitions/v1.PodSecurityContext" + }, + "serviceAccountName": { + "description": "+optional", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "+optional", + "type": "integer" + }, + "tolerations": { + "description": "+optional", + "type": "array", + "items": { + "$ref": "#/definitions/v1.Toleration" + } + }, + "topologySpreadConstraints": { + "description": "+optional\n+patchMergeKey=topologyKey\n+patchStrategy=merge\n+listType=map\n+listMapKey=topologyKey\n+listMapKey=whenUnsatisfiable", + "type": "array", + "items": { + "$ref": "#/definitions/v1.TopologySpreadConstraint" + } + }, "volumes": { - "description": "Volumes is a list of volumes that can be mounted by containers in a template.\n+patchStrategy=merge\n+patchMergeKey=name", + "description": "+optional\n+patchMergeKey=name\n+patchStrategy=merge,retainKeys", "type": "array", "items": { "$ref": "#/definitions/v1.Volume" diff --git a/pkg/dashboard/swaggerdocs/swagger.yaml b/pkg/dashboard/swaggerdocs/swagger.yaml index 4cda2cfe9b..e662c554f4 100644 --- a/pkg/dashboard/swaggerdocs/swagger.yaml 
+++ b/pkg/dashboard/swaggerdocs/swagger.yaml @@ -472,6 +472,24 @@ definitions: More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string type: object + v1.Affinity: + properties: + nodeAffinity: + $ref: '#/definitions/v1.NodeAffinity' + description: |- + Describes node affinity scheduling rules for the pod. + +optional + podAffinity: + $ref: '#/definitions/v1.PodAffinity' + description: |- + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + +optional + podAntiAffinity: + $ref: '#/definitions/v1.PodAntiAffinity' + description: |- + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + +optional + type: object v1.AzureDiskVolumeSource: properties: cachingMode: 
@@ -1669,6 +1687,80 @@ definitions: More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string type: object + v1.NodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + +optional + items: + $ref: '#/definitions/v1.PreferredSchedulingTerm' + type: array + requiredDuringSchedulingIgnoredDuringExecution: + $ref: '#/definitions/v1.NodeSelector' + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + +optional + type: object + v1.NodeSelector: + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + $ref: '#/definitions/v1.NodeSelectorTerm' + type: array + type: object + v1.NodeSelectorRequirement: + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + +optional + items: + type: string + type: array + type: object + v1.NodeSelectorTerm: + properties: + matchExpressions: + description: |- + A list of node selector requirements by node's labels. + +optional + items: + $ref: '#/definitions/v1.NodeSelectorRequirement' + type: array + matchFields: + description: |- + A list of node selector requirements by node's fields. + +optional + items: + $ref: '#/definitions/v1.NodeSelectorRequirement' + type: array + type: object v1.ObjectFieldSelector: properties: apiVersion: 
@@ -2067,6 +2159,207 @@ definitions: description: pdID is the ID that identifies Photon Controller persistent disk type: string type: object + v1.PodAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + +optional + items: + $ref: '#/definitions/v1.WeightedPodAffinityTerm' + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + +optional + items: + $ref: '#/definitions/v1.PodAffinityTerm' + type: array + type: object + v1.PodAffinityTerm: + properties: + labelSelector: + $ref: '#/definitions/v1.LabelSelector' + description: |- + A label query over a set of resources, in this case pods. + +optional + namespaceSelector: + $ref: '#/definitions/v1.LabelSelector' + description: |- + A label query over the set of namespaces that the term applies to. 
+ The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + +optional + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + +optional + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + type: object + v1.PodAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ +optional + items: + $ref: '#/definitions/v1.WeightedPodAffinityTerm' + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + +optional + items: + $ref: '#/definitions/v1.PodAffinityTerm' + type: array + type: object + v1.PodSecurityContext: + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + +optional + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + +optional + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + +optional + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + +optional + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + +optional + type: integer + seLinuxOptions: + $ref: '#/definitions/v1.SELinuxOptions' + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + +optional + seccompProfile: + $ref: '#/definitions/v1.SeccompProfile' + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. 
+ +optional + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + +optional + items: + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + +optional + items: + $ref: '#/definitions/v1.Sysctl' + type: array + windowsOptions: + $ref: '#/definitions/v1.WindowsSecurityContextOptions' + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + +optional + type: object v1.PortworxVolumeSource: properties: fsType: @@ -2085,6 +2378,16 @@ definitions: description: volumeID uniquely identifies a Portworx volume type: string type: object + v1.PreferredSchedulingTerm: + properties: + preference: + $ref: '#/definitions/v1.NodeSelectorTerm' + description: A node selector term, associated with the corresponding weight. + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + type: integer + type: object v1.Probe: properties: exec: 
@@ -2694,6 +2997,15 @@ definitions: +optional type: string type: object + v1.Sysctl: + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + type: object v1.TCPSocketAction: properties: host: 
@@ -2708,6 +3020,177 @@ definitions: Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. type: object + v1.Toleration: + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + +optional + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + +optional + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + +optional + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + +optional + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + +optional + type: string + type: object + v1.TopologySpreadConstraint: + properties: + labelSelector: + $ref: '#/definitions/v1.LabelSelector' + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + +optional + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + +listType=atomic + +optional + items: + type: string + type: array + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + +-------+-------+-------+ + | zone1 | zone2 | zone3 | + +-------+-------+-------+ + | P P | P P | P | + +-------+-------+-------+ + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + +-------+-------+-------+ + | zone1 | zone2 | zone3 | + +-------+-------+-------+ + | P P | P P | P P | + +-------+-------+-------+ + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + +optional + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + +optional + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. 
Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + +optional + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + +-------+-------+-------+ + | zone1 | zone2 | zone3 | + +-------+-------+-------+ + | P P P | P | P | + +-------+-------+-------+ + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + type: object v1.TypedLocalObjectReference: properties: apiGroup: @@ -3044,6 +3527,18 @@ definitions: description: volumePath is the path that identifies vSphere volume vmdk type: string type: object + v1.WeightedPodAffinityTerm: + properties: + podAffinityTerm: + $ref: '#/definitions/v1.PodAffinityTerm' + description: Required. A pod affinity term, associated with the corresponding + weight. + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: integer + type: object v1.WindowsSecurityContextOptions: properties: gmsaCredentialSpec: 
@@ -5982,14 +6477,63 @@ definitions: type: object v1alpha1.Task: properties: + activeDeadlineSeconds: + description: +optional + type: integer + affinity: + $ref: '#/definitions/v1.Affinity' + description: +optional + automountServiceAccountToken: + description: +optional + type: boolean container: $ref: '#/definitions/v1.Container' description: Container is the main container image to run in the pod - volumes: + imagePullSecrets: description: |- - Volumes is a list of volumes that can be mounted by containers in a template. + +optional + +patchMergeKey=name +patchStrategy=merge + items: + $ref: '#/definitions/v1.LocalObjectReference' + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + +optional + +mapType=atomic + type: object + securityContext: + $ref: '#/definitions/v1.PodSecurityContext' + description: +optional + serviceAccountName: + description: +optional + type: string + terminationGracePeriodSeconds: + description: +optional + type: integer + tolerations: + description: +optional + items: + $ref: '#/definitions/v1.Toleration' + type: array + topologySpreadConstraints: + description: |- + +optional + +patchMergeKey=topologyKey + +patchStrategy=merge + +listType=map + +listMapKey=topologyKey + +listMapKey=whenUnsatisfiable + items: + $ref: '#/definitions/v1.TopologySpreadConstraint' + type: array + volumes: + description: |- + +optional +patchMergeKey=name + +patchStrategy=merge,retainKeys items: $ref: '#/definitions/v1.Volume' type: array diff --git a/pkg/workflow/task/pod.go b/pkg/workflow/task/pod.go index 3135d1e0c0..c107c8ec36 100644 --- a/pkg/workflow/task/pod.go +++ b/pkg/workflow/task/pod.go 
@@ -33,21 +33,12 @@ func SpawnPodForTask(task v1alpha1.Task) (corev1.PodSpec, error) { deepCopiedContainer.Resources.Limits.Cpu().SetMilli(1000) deepCopiedContainer.Resources.Limits.Memory().Set(1000) } - result := corev1.PodSpec{ - RestartPolicy: corev1.RestartPolicyNever, - Volumes: attachVolumes(task), - Containers: []corev1.Container{ - *deepCopiedContainer, - }, - } - return result, nil -} -func attachVolumes(task v1alpha1.Task) []corev1.Volume { - var result []corev1.Volume - - // TODO: downwards API and configmaps + spec := task.PodSpec() + spec.RestartPolicy = corev1.RestartPolicyNever + spec.Containers = []corev1.Container{ + *deepCopiedContainer, + } - result = append(result, task.Volumes...) - return result + return spec, nil } From 85887c484968e3307c32716eb38e11c629a45e0a Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Thu, 6 Jul 2023 17:16:10 +0100 Subject: [PATCH 19/27] fix: use github.tag instead of github.event.after --- .github/workflows/calculate_tag.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/calculate_tag.yaml b/.github/workflows/calculate_tag.yaml index ec05814deb..1ae420c25d 100644 --- a/.github/workflows/calculate_tag.yaml +++ b/.github/workflows/calculate_tag.yaml @@ -20,7 +20,7 @@ on: f3_tag: description: "Additional tag to be prefixed to the latest upstream release tag" type: string - default: "${{ github.event.after }}" + default: "${{ github.sha }}" jobs: calculate-tag: From 2588bd9ec4b870ecaff9008e192959259f0e847a Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Fri, 7 Jul 2023 12:41:34 +0100 Subject: [PATCH 20/27] fix: build UI when building images --- .github/workflows/build_targets.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build_targets.yaml b/.github/workflows/build_targets.yaml index bcf4af3125..f442b52572 100644 --- a/.github/workflows/build_targets.yaml +++ b/.github/workflows/build_targets.yaml 
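Review bot: The spec returned by `spec := task.PodSpec()` is used as-is, with only `RestartPolicy` and `Containers` overridden, so every other pod-level field set on the Task reaches the spawned pod unchanged. The Task schema in this same patch adds `serviceAccountName`, `automountServiceAccountToken`, `securityContext`, `nodeSelector` and `tolerations`, so presumably anyone who can author a workflow Task can now choose the service account and security context its pod runs with. Nothing in this hunk restricts those fields, and `PodSpec()` is defined outside it, so any filtering done there cannot be confirmed from here. I would validate or restrict them before this point and record the trust assumption above the call, e.g. `// NOTE: PodSpec carries user-supplied pod fields (service account, security context, scheduling) through unchanged.` The start of `SpawnPodForTask` is outside the hunk.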
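Review bot: The new `default: "${{ github.sha }}"` for `f3_tag` does not match the commit subject, which names `github.tag`; the `github` context has no `tag` property, so the subject is presumably a slip, but the input should say which commit its default refers to. On `pull_request` runs `github.sha` is the temporary merge commit GitHub creates for the run, not the branch head, so an image tag derived from it may not be traceable to a commit on the branch. The workflow's triggers are outside the hunk, so whether that case applies cannot be confirmed here. I would extend the description to `description: "Additional tag to be prefixed to the latest upstream release tag (defaults to the triggering commit SHA)"`.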
@@ -76,6 +76,7 @@ jobs: - name: Build e2e images env: + UI: 1 DOCKER_CACHE: 1 DOCKER_CACHE_DIR: ${{github.workspace}}/cache GO_BUILD_CACHE: ${{github.workspace}}/cache From cea85b74992cc73d9a79aee410a79e95fa8e009a Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Fri, 7 Jul 2023 14:11:26 +0100 Subject: [PATCH 21/27] feat: refactor AWSAzChaos field names Renames fields to be more descriptive and makes RemoteCluster optional for AWSAzChaos. --- api/v1alpha1/awsazchaos_types.go | 14 +++-- api/v1alpha1/awschaos_types.go | 6 ++- .../crd/bases/chaos-mesh.org_awsazchaos.yaml | 5 +- .../crd/bases/chaos-mesh.org_schedules.yaml | 17 ++++-- .../bases/chaos-mesh.org_workflownodes.yaml | 23 +++++--- .../crd/bases/chaos-mesh.org_workflows.yaml | 12 +++-- controllers/chaosimpl/awsazchaos/impl.go | 10 ++-- controllers/chaosimpl/fx.go | 2 +- .../crds/chaos-mesh.org_awsazchaos.yaml | 5 +- .../crds/chaos-mesh.org_schedules.yaml | 17 ++++-- .../crds/chaos-mesh.org_workflownodes.yaml | 23 +++++--- .../crds/chaos-mesh.org_workflows.yaml | 12 +++-- manifests/crd.yaml | 52 +++++++++++++------ pkg/dashboard/swaggerdocs/docs.go | 3 +- pkg/dashboard/swaggerdocs/swagger.json | 3 +- pkg/dashboard/swaggerdocs/swagger.yaml | 5 +- ui/app/src/components/NewExperiment/types.ts | 6 +++ .../NewExperimentNext/data/types.ts | 23 ++++++++ 18 files changed, 172 insertions(+), 66 deletions(-) diff --git a/api/v1alpha1/awsazchaos_types.go b/api/v1alpha1/awsazchaos_types.go index 68dd9728f4..90a1a9d645 100644 --- a/api/v1alpha1/awsazchaos_types.go +++ b/api/v1alpha1/awsazchaos_types.go 
@@ -19,9 +19,11 @@ type AWSAzChaos struct { Status AWSAzChaosStatus `json:"status,omitempty"` } -var _ InnerObjectWithCustomStatus = (*AWSAzChaos)(nil) -var _ InnerObjectWithSelector = (*AWSAzChaos)(nil) -var _ InnerObject = (*AWSAzChaos)(nil) +var ( + _ InnerObjectWithCustomStatus = (*AWSAzChaos)(nil) + _ InnerObjectWithSelector = (*AWSAzChaos)(nil) + _ InnerObject = (*AWSAzChaos)(nil) +) // AWSAzChaosSpec is the content of the specification for a AWSAzChaos type AWSAzChaosSpec struct { @@ -32,6 +34,8 @@ type AWSAzChaosSpec struct { // +optional Duration *string `json:"duration,omitempty"` + // RemoteCluster represents the remote cluster where the chaos will be deployed + // +optional RemoteCluster string `json:"remoteCluster,omitempty"` } @@ -49,8 +53,8 @@ type AWSAZSelector struct { // AWSRegion defines the region of aws. Stack string `json:"stack"` - // AZ indicates the Availability zone to be taken down - AZ string `json:"az"` + // AvailabilityZone indicates the Availability zone to be taken down + AvailabilityZone string `json:"az"` } // GetSelectorSpecs is a getter for selectors diff --git a/api/v1alpha1/awschaos_types.go b/api/v1alpha1/awschaos_types.go index 09061517cd..7aa76766ab 100644 --- a/api/v1alpha1/awschaos_types.go +++ b/api/v1alpha1/awschaos_types.go @@ -36,8 +36,10 @@ type AWSChaos struct { Status AWSChaosStatus `json:"status,omitempty"` } -var _ InnerObjectWithSelector = (*AWSChaos)(nil) -var _ InnerObject = (*AWSChaos)(nil) +var ( + _ InnerObjectWithSelector = (*AWSChaos)(nil) + _ InnerObject = (*AWSChaos)(nil) +) // AWSChaosAction represents the chaos action about aws. type AWSChaosAction string diff --git a/config/crd/bases/chaos-mesh.org_awsazchaos.yaml b/config/crd/bases/chaos-mesh.org_awsazchaos.yaml index 1a0f72de69..9a446d6086 100644 --- a/config/crd/bases/chaos-mesh.org_awsazchaos.yaml +++ b/config/crd/bases/chaos-mesh.org_awsazchaos.yaml 
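Review bot: The doc comment on `Stack` in the last awsazchaos_types.go hunk still reads `// AWSRegion defines the region of aws.`, and that stale text is copied into the generated CRD description for `stack` in the CRD files later in this patch. `Stack` and `AvailabilityZone` together decide what the experiment takes down, so an operator reading the CRD should not have to guess what `stack` expects. I would replace the comment with something like `// Stack is the name of the stack whose resources in the availability zone are targeted.`, with the wording confirmed against the implementation, which is outside this hunk. Neither field carries a validation marker here, so an empty `az` or `stack` would presumably be accepted by the API server; `// +kubebuilder:validation:MinLength=1` on both would reject that early. The opening of `AWSAZSelector` is outside the hunk.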
@@ -42,12 +42,15 @@ spec: AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where the + chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/config/crd/bases/chaos-mesh.org_schedules.yaml b/config/crd/bases/chaos-mesh.org_schedules.yaml index 9327aac830..7369b28be7 100644 --- a/config/crd/bases/chaos-mesh.org_schedules.yaml +++ b/config/crd/bases/chaos-mesh.org_schedules.yaml @@ -87,12 +87,15 @@ spec: a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -3350,14 +3353,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be - taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -6464,14 +6469,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/config/crd/bases/chaos-mesh.org_workflownodes.yaml b/config/crd/bases/chaos-mesh.org_workflownodes.yaml index 76c32f149d..ed389f06de 100644 --- a/config/crd/bases/chaos-mesh.org_workflownodes.yaml +++ b/config/crd/bases/chaos-mesh.org_workflownodes.yaml @@ -93,12 +93,15 @@ spec: a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -3004,14 +3007,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken - down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -6339,14 +6344,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -9548,14 +9555,16 @@ spec: specification for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the + Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of diff --git a/config/crd/bases/chaos-mesh.org_workflows.yaml b/config/crd/bases/chaos-mesh.org_workflows.yaml index a61c811057..11e2af9b09 100644 --- a/config/crd/bases/chaos-mesh.org_workflows.yaml +++ b/config/crd/bases/chaos-mesh.org_workflows.yaml @@ -99,14 +99,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken - down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -3125,14 +3127,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be - taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/controllers/chaosimpl/awsazchaos/impl.go b/controllers/chaosimpl/awsazchaos/impl.go index dfe7544aac..a62b372630 100644 --- a/controllers/chaosimpl/awsazchaos/impl.go +++ b/controllers/chaosimpl/awsazchaos/impl.go @@ -38,7 +38,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco return v1alpha1.NotInjected, err } - azLoss, err := subnetloss.NewAWSAzLoss(ctx, selected.Stack, selected.AZ, impl.Log) + azLoss, err := subnetloss.NewAWSAzLoss(ctx, selected.Stack, selected.AvailabilityZone, impl.Log) if err != nil { impl.Log.Error(err, "fail to create NewAWSAzLoss") return v1alpha1.NotInjected, err @@ -46,7 +46,7 @@ func (impl *Impl) Apply(ctx context.Context, index int, records []*v1alpha1.Reco phase := record.Phase if phase == waitForApplySync { - impl.Log.Info(fmt.Sprintf("Applying awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AZ)) + impl.Log.Info(fmt.Sprintf("Applying awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AvailabilityZone)) err := azLoss.Start(ctx, awsAZChaos.Status.SubnetToACL) if err != nil { impl.Log.Error(err, "fail to start NewAWSAzLoss") 
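Review bot: The `Info` call in the `Apply` hunk of `impl.go` builds its message with `fmt.Sprintf` from the spec-supplied `selected.Stack` and `selected.AvailabilityZone`, which puts user-controlled text into the message string and makes the entries hard to filter or alert on. If `impl.Log` is a logr-style logger (the `Error(err, msg)` calls suggest so), pass the values as key/value pairs instead: `impl.Log.Info("applying awsazchaos", "stack", selected.Stack, "az", selected.AvailabilityZone)`. The same applies to the `Info` and `Error` calls in the `Recover` hunk that follows. `Apply` begins and ends outside this hunk.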
@@ -78,15 +78,15 @@ func (impl *Impl) Recover(ctx context.Context, index int, records []*v1alpha1.Re return v1alpha1.Injected, err } - azLoss, err := subnetloss.NewAWSAzLoss(ctx, selected.Stack, selected.AZ, impl.Log) + azLoss, err := subnetloss.NewAWSAzLoss(ctx, selected.Stack, selected.AvailabilityZone, impl.Log) if err != nil { impl.Log.Error(err, "fail to create NewAWSAzLoss") return v1alpha1.Injected, err } - impl.Log.Info(fmt.Sprintf("Recovering awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AZ)) + impl.Log.Info(fmt.Sprintf("Recovering awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AvailabilityZone)) err = azLoss.Stop(ctx, awsAZChaos.Status.SubnetToACL) if err != nil { - impl.Log.Error(err, fmt.Sprintf("failed to recover awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AZ)) + impl.Log.Error(err, fmt.Sprintf("failed to recover awsazchaos chaos for stack (%s) and AZ (%s)", selected.Stack, selected.AvailabilityZone)) return v1alpha1.Injected, err } return v1alpha1.NotInjected, nil diff --git a/controllers/chaosimpl/fx.go b/controllers/chaosimpl/fx.go index a15d232e7a..6b07ad47ff 100644 --- a/controllers/chaosimpl/fx.go +++ b/controllers/chaosimpl/fx.go @@ -16,9 +16,9 @@ package chaosimpl import ( - "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos" "go.uber.org/fx" + "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awsazchaos" "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/awschaos" "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/azurechaos" "github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/blockchaos" diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml index 1a0f72de69..9a446d6086 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_awsazchaos.yaml 
@@ -42,12 +42,15 @@ spec: AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone to be + taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where the + chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml index 9327aac830..7369b28be7 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_schedules.yaml @@ -87,12 +87,15 @@ spec: a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -3350,14 +3353,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be - taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -6464,14 +6469,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml index 76c32f149d..ed389f06de 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml @@ -93,12 +93,15 @@ spec: a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -3004,14 +3007,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken - down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -6339,14 +6344,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -9548,14 +9555,16 @@ spec: specification for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the + Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of diff --git a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml index a61c811057..11e2af9b09 100644 --- a/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml +++ b/helm/chaos-mesh/crds/chaos-mesh.org_workflows.yaml @@ -99,14 +99,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken - down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -3125,14 +3127,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be - taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 03bd2a806a..23adab39ea 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -5448,12 +5448,15 @@ spec: a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -8711,14 +8714,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be - taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -11825,14 +11830,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -20021,12 +20028,15 @@ spec: a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -22932,14 +22942,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken - down + description: AvailabilityZone indicates the Availability zone + to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster where + the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -26267,14 +26279,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. 
@@ -29476,14 +29490,16 @@ spec: specification for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone - to be taken down + description: AvailabilityZone indicates the + Availability zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote + cluster where the chaos will be deployed type: string stack: description: AWSRegion defines the region of @@ -40507,14 +40523,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be taken - down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. @@ -43533,14 +43551,16 @@ spec: for a AWSAzChaos properties: az: - description: AZ indicates the Availability zone to be - taken down + description: AvailabilityZone indicates the Availability + zone to be taken down type: string duration: description: Duration represents the duration of the chaos action type: string remoteCluster: + description: RemoteCluster represents the remote cluster + where the chaos will be deployed type: string stack: description: AWSRegion defines the region of aws. diff --git a/pkg/dashboard/swaggerdocs/docs.go b/pkg/dashboard/swaggerdocs/docs.go index 0d179d184b..027026e303 100644 --- a/pkg/dashboard/swaggerdocs/docs.go +++ b/pkg/dashboard/swaggerdocs/docs.go @@ -4864,7 +4864,7 @@ const docTemplate = `{ "type": "object", "properties": { "az": { - "description": "Ec2Instance indicates the ID of the ec2 instance.", + "description": "AZ indicates the Availability zone to be taken down", "type": "string" }, "duration": { 
@@ -4872,6 +4872,7 @@ const docTemplate = `{ "type": "string" }, "remoteCluster": { + "description": "RemoteCluster represents the remote cluster where the chaos will be deployed\n+optional", "type": "string" }, "stack": { diff --git a/pkg/dashboard/swaggerdocs/swagger.json b/pkg/dashboard/swaggerdocs/swagger.json index 41d98475e7..66359ebabd 100644 --- a/pkg/dashboard/swaggerdocs/swagger.json +++ b/pkg/dashboard/swaggerdocs/swagger.json @@ -4856,7 +4856,7 @@ "type": "object", "properties": { "az": { - "description": "Ec2Instance indicates the ID of the ec2 instance.", + "description": "AZ indicates the Availability zone to be taken down", "type": "string" }, "duration": { @@ -4864,6 +4864,7 @@ "type": "string" }, "remoteCluster": { + "description": "RemoteCluster represents the remote cluster where the chaos will be deployed\n+optional", "type": "string" }, "stack": { diff --git a/pkg/dashboard/swaggerdocs/swagger.yaml b/pkg/dashboard/swaggerdocs/swagger.yaml index a1c0ae8fbb..7bbd06ab9e 100644 --- a/pkg/dashboard/swaggerdocs/swagger.yaml +++ b/pkg/dashboard/swaggerdocs/swagger.yaml @@ -3081,7 +3081,7 @@ definitions: v1alpha1.AWSAzChaosSpec: properties: az: - description: Ec2Instance indicates the ID of the ec2 instance. + description: AZ indicates the Availability zone to be taken down type: string duration: description: |- @@ -3089,6 +3089,9 @@ definitions: +optional type: string remoteCluster: + description: |- + RemoteCluster represents the remote cluster where the chaos will be deployed + +optional type: string stack: description: AWSRegion defines the region of aws. diff --git a/ui/app/src/components/NewExperiment/types.ts b/ui/app/src/components/NewExperiment/types.ts index 12b492e5b9..04654a84f7 100644 --- a/ui/app/src/components/NewExperiment/types.ts +++ b/ui/app/src/components/NewExperiment/types.ts 
@@ -46,6 +46,11 @@ export interface AWS { deviceName?: string } +export interface AWSAzChaos { + stack: string + availablityZone: string +} + export interface DNS { action: 'error' | 'random' patterns: string[] @@ -160,6 +165,7 @@ export interface Time { export interface ExperimentType { AWSChaos: AWS + AWSAzChaos: AWSAzChaos AzureChaos?: unknown DNSChaos: DNS GCPChaos: GCP diff --git a/ui/app/src/components/NewExperimentNext/data/types.ts b/ui/app/src/components/NewExperimentNext/data/types.ts index 8d14bc1ff6..a766020d73 100644 --- a/ui/app/src/components/NewExperimentNext/data/types.ts +++ b/ui/app/src/components/NewExperimentNext/data/types.ts @@ -339,6 +339,23 @@ const data: Record = { }, ], }, + // AWSAzChaos + AWSAzChaos: { + spec: { + stack: { + field: 'text', + label: 'Stack name', + value: '', + helperText: 'The name of the stack', + }, + availabilityZone: { + field: 'text', + label: 'Availability zone', + value: '', + helperText: 'The name of the availability zone', + }, + } as any, + }, BlockChaos: { categories: [ { @@ -1385,6 +1402,12 @@ export const schema: Partial>> = { volumeID: Yup.string().required('The ID of the EBS volume is required'), }), }, + AWSAzChaos: { + default: Yup.object({ + stack: Yup.string().required('The stack name is required'), + availabilityZone: Yup.string().required('The availability zone is required'), + }), + }, DNSChaos: { error: Yup.object({ patterns: patternsSchema, From f714d95eb28a7b49aa9dfe7c69cf4427abb0b3f4 Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Fri, 7 Jul 2023 14:44:01 +0100 Subject: [PATCH 22/27] fix: checkout code when checking for changes --- .github/workflows/unit_test.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unit_test.yaml b/.github/workflows/unit_test.yaml index cd09cecefc..c4f0aad0b1 100644 --- a/.github/workflows/unit_test.yaml +++ b/.github/workflows/unit_test.yaml 
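Review bot: The new `AWSAzChaos` interface in `NewExperiment/types.ts` declares `availablityZone` (missing an `i`), while the form data and Yup schema added in `NewExperimentNext/data/types.ts` use `availabilityZone`, and the Go field serialises as `az` (`json:"az"` in `AWSAZSelector`). Unless a mapping exists outside this patch, a spec built from the form would carry `availabilityZone` instead of `az`, so the selected zone would not reach the controller. Keying the field as `az` in all three places and keeping only the label as "Availability zone" would align the UI with the API: `az: string` in the interface and `az: Yup.string().required('The availability zone is required')` in the schema. The `as any` cast on the `spec` object hides this kind of mismatch from the type checker.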
@@ -12,7 +12,9 @@ jobs: go: ${{ steps.filter.outputs.go }} ui: ${{ steps.filter.outputs.ui }} steps: - # For pull requests it's not necessary to checkout the code + - name: checkout codes + uses: actions/checkout@v2 + - uses: dorny/paths-filter@v2 id: filter with: From d671d104545e89bb2cf4f8523e2fcc1a75054b9a Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Fri, 7 Jul 2023 14:52:25 +0100 Subject: [PATCH 23/27] fix: check for all ui code for testing --- .github/workflows/unit_test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unit_test.yaml b/.github/workflows/unit_test.yaml index c4f0aad0b1..2bceac74fc 100644 --- a/.github/workflows/unit_test.yaml +++ b/.github/workflows/unit_test.yaml @@ -25,9 +25,9 @@ jobs: - '**.go' - 'helm/**' ui: - - 'ui/pnpm-lock.yaml' + - 'ui/**' - '**.js' - - '**.ts?(x)' + - '**.ts' go: needs: changes if: ${{ needs.changes.outputs.go == 'true' }} From 6bfa42258784818bd9b69c2e80bdf9ecee224593 Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Fri, 7 Jul 2023 14:56:44 +0100 Subject: [PATCH 24/27] fix: mock --- pkg/mock/mock.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/mock/mock.go b/pkg/mock/mock.go index c0d97cb5e0..5721dbd3b3 100755 --- a/pkg/mock/mock.go +++ b/pkg/mock/mock.go @@ -57,9 +57,9 @@ var points = mockPoints{m: make(map[string]interface{})} // On inject a failpoint func On(fpname string) interface{} { var ret interface{} - if _, ok := failpoint.Eval(_curpkg_(fpname)); ok { + failpoint.Inject(fpname, func() { ret = points.get(fpname) - } + }) return ret } From 874999afe1a44a5fc3c373a2692c99807ca8dfee Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Tue, 11 Jul 2023 15:11:58 +0100 Subject: [PATCH 25/27] trigger ci From 7ff75e4e99030292442b6d284237df26d924b3de Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Tue, 11 Jul 2023 16:16:30 +0100 Subject: [PATCH 26/27] trigger ci 
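Review bot: The added step references `actions/checkout@v2` by a mutable tag, as does the existing `dorny/paths-filter@v2` step after it; a tag can later point at different code, and that code runs with this job's token. Pinning each action to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, fixes what executes. Since this job appears to need the tree only for path filtering, adding `with:` / `persist-credentials: false` to the checkout step would also keep the token out of the local git config. The workflow's trigger and `permissions` block are outside the hunk, so their scope should be confirmed separately.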
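Review bot: The doc comment on `On` in `pkg/mock/mock.go` (`// On inject a failpoint`) does not say when the function returns a value, and after this change that depends on how the binary was built. `failpoint.Inject` looks like the marker form of the failpoint library, which as far as I know is a no-op until the source is rewritten by the failpoint tooling, whereas the removed `failpoint.Eval(_curpkg_(fpname))` is the rewritten form. I would state that in the comment: `// On returns the value registered for fpname, or nil when failpoints are not enabled in this build.`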
From 91398ccee4803ff850bf487fd2494de09bc64149 Mon Sep 17 00:00:00 2001 From: Andrius Navasaitis Date: Tue, 11 Jul 2023 16:38:27 +0100 Subject: [PATCH 27/27] trigger ci